The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2021-11-29T18:10:33.282346Z

Updated: 2024-09-16T22:25:55.544Z

Reserved: 2021-10-14T00:00:00

Link: CVE-2021-42364

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-29T19:15:07.760

Modified: 2024-11-21T06:27:40.100

Link: CVE-2021-42364

cve-icon Redhat

No data.