Lucene search
WpvulndbWPVDB-ID:8202289F-5D42-4DA2-9563-CBFD0EDAE4BDHistoryApr 28, 2022 - 12:00 a.m.
Footer Text <= 2.0.3 - Stored Cross-Site Scripting via CSRF
2022-04-2800:00:00
wpscan.com
9
0.001 Low
EPSS
Percentile
21.1%
The plugin does not have CSRF in place when updating its settings, and is lacking sanitisation as well as escaping in them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
| CPE | Name | Operator | Version |
|---|---|---|---|
| footer-text | eq | * |
Related
cvelist
cvelist
patchstack
patchstack
nvd
nvd
CVE-2022-27860
2022-04-28 16:15:08
cve
cve
CVE-2022-27860
2022-04-28 16:15:08
prion
prion
Cross site request forgery (csrf)
2022-04-28 16:15:00