The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2021-11-29T18:10:33.282346Z
Updated: 2024-09-16T22:25:55.544Z
Reserved: 2021-10-14T00:00:00
Link: CVE-2021-42364
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-11-29T19:15:07.760
Modified: 2024-11-21T06:27:40.100
Link: CVE-2021-42364
Redhat
No data.