The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Metrics
Affected Vendors & Products
References
History
Tue, 08 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Calenfretts
Calenfretts lastunes |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:calenfretts:lastunes:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Calenfretts
Calenfretts lastunes |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-02-12T16:05:59.115Z
Updated: 2024-08-02T08:35:13.207Z
Reserved: 2023-12-04T18:01:49.192Z
Link: CVE-2023-6499
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-02-12T16:15:08.230
Modified: 2024-11-21T08:43:58.487
Link: CVE-2023-6499
Redhat
No data.