wpvulndb | Vinay Varma Mudunuri | WPVDB-ID: 3851E61E-F462-4259-AF0A-8D832809D559
History: Apr 20, 2022 - 12:00 a.m.

Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF

2022-04-20 00:00:00
Vinay Varma Mudunuri
wpscan.com
9

EPSS: 0.001 (Low), percentile 32.3%

The plugin does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.

PoC

CPE

Name | Operator | Version
social-stickers | eq | *
