The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
History

Tue, 08 Oct 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Calenfretts
Calenfretts lastunes
Weaknesses CWE-352
CPEs cpe:2.3:a:calenfretts:lastunes:*:*:*:*:*:wordpress:*:*
Vendors & Products Calenfretts
Calenfretts lastunes
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-02-12T16:05:59.115Z

Updated: 2024-08-02T08:35:13.207Z

Reserved: 2023-12-04T18:01:49.192Z

Link: CVE-2023-6499

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-02-12T16:15:08.230

Modified: 2024-11-21T08:43:58.487

Link: CVE-2023-6499

cve-icon Redhat

No data.