Lucene search
WpvulndbWPVDB-ID:DDAFCAB2-B5DB-4839-8AE1-188383F4250DHistoryApr 26, 2022 - 12:00 a.m.
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-2600:00:00
wpscan.com
4
The plugin does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads
PoC
| CPE | Name | Operator | Version |
|---|---|---|---|
| coru-lfmember | eq | * |
References
Related
prion
prion
Cross site request forgery (csrf)
2024-01-16 16:15:00
wpexploit
wpexploit
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-26 00:00:00
cve
cve
CVE-2022-1618
2024-01-16 16:15:09
Related for WPVDB-ID:DDAFCAB2-B5DB-4839-8AE1-188383F4250D