CVE-2021-42364

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6...

Stetic < 1.0.9 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts. The CSRF issue has been fixed in 1.0.7, while sanitisation and escaping have been...

WordPress Stetic plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability leading to Stored Cross-Site Scripting XSS discovered by Naoki Ogawa Cryptography Laboratory in Tokyo Denki University in WordPress Stetic plugin versions = 1.0.8. Solution Update the WordPress Stetic plugin to the latest available version at least...

WordPress 插件 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . WordPress plugin Stetic 1.0.6 and its previous versions...