
CVE-2024-8092 Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF

2024-09-17 06:00:06
WPScan
github.com
Tags: cve-2024, wordpress, stored xss

EPSS: 0
Percentile: 9.6%

SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial

The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:alaingg:accordion_image_menu:*:*:*:*:*:*:*:*"
    ],
    "vendor": "alaingg",
    "product": "accordion_image_menu",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.1.3"
      }
    ],
    "defaultStatus": "unknown"
  }
]
