CVE-2023-0603
CVE-2023-0603 concerns the WordPress plugin Sloth Logo Customizer (versions <= 2.0.2). The issue is a lack of CSRF protection when updating settings, coupled with missing sanitization and escaping, enabling a logged-in attacker to induce Stored XSS payloads via a CSRF attack. Root cause: absen...