wpvulndb WPVDB-ID:521F4FBF-8713-494D-A3F4-C5EE9BE2AA90
Nov 29, 2021 - 12:00 a.m.

Stetic < 1.0.9 - CSRF to Stored Cross-Site Scripting

Published: 2021-11-29 00:00:00
Source: wpscan.com
7

EPSS: 0.001 (Low)
Percentile: 41.9%

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts. The CSRF issue has been fixed in 1.0.7, while sanitisation and escaping were added in 1.0.7 to 1.0.9.

CPE Name | Operator | Version
stetic | lt | 1.0.9
