EUVD-2024-46278
Malicious code in bioql PyPI...
CVE-2024-5003
The WP Stacker WordPress plugin through 1.8.5 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5003 WP Stacker <= 1.8.5 - Stored XSS via CSRF
The WP Stacker WordPress plugin through 1.8.5 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5003
CVE-2024-5003 affects WP Stacker WordPress plugin
WordPress WP Stacker plugin <= 1.8.5 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Stacker versions <= 1.8.5...
WordPress WP Stacker Plugin <= 1.8.5 is vulnerable to Cross Site Scripting (XSS)
Software: WP Stacker
Type: Plugin
Vulnerable versions: <= 1.8.5
Fixed in: N/A
OWASP Top 10: A1: Broken Access Control
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-5003
Patch priority: Low
CVSS severity: Low 7.1
Developer: (not listed)
PSID: 63e4d919bc93
Credits: Bob Matyas
Required privilege: ...
WP Stacker <= 1.8.5 - Stored XSS via CSRF
Description: The plugin does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. Make an admin open an HTML document containing: alert888' / alert2' /...