wpvulndb, WPVDB-ID: A76C98EA-B765-4002-B16B-F2131FE906CD
History: Apr 28, 2022 - 12:00 a.m.

Hermit <= 3.1.6 - Stored Cross-Site Scripting via CSRF

2022-04-28 00:00:00
wpscan.com

EPSS: 0.001 (Low), percentile 20.9%

The plugin does not have a CSRF check in place when creating a source, and does not sanitise and escape the title, which could allow attackers to make a logged-in user create an arbitrary source with an XSS payload in it.

CPE    Name      Operator    Version
       hermit    eq          *
