Lucene search
WpvulndbWPVDB-ID:5CAD0B71-F3E4-4797-9C9E-5BB390B03878HistoryJun 08, 2022 - 12:00 a.m.
Copify <= 1.3.0 - Stored Cross-Site Scripting via CSRF
2022-06-0800:00:00
wpscan.com
4
0.001 Low
EPSS
Percentile
39.6%
The plugin does not have CSRF when updating its settings, and it also missing sanitisation as well as escaping in some of them. This could allow attackers to make a logged in admin update them and put Stored Cross-Site Scripting payloads in them
Related
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2022-06-13 13:15:00
cve
cve
CVE-2022-1900
2022-06-13 13:15:13
cnvd
cnvd
WordPress plugin Copify cross-site request forgery vulnerability
2022-06-15 00:00:00
cvelist
cvelist
CVE-2022-1900
2022-06-13 12:47:42
nvd
nvd
CVE-2022-1900
2022-06-13 13:15:13