The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-05-08T13:58:23.850Z

Updated: 2024-08-02T05:17:50.080Z

Reserved: 2023-01-31T21:03:59.956Z

Link: CVE-2023-0603

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-08T14:15:11.967

Modified: 2024-11-21T07:37:28.190

Link: CVE-2023-0603

cve-icon Redhat

No data.