Metrics
Affected Vendors & Products
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2025-15333 | The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Mon, 09 Jun 2025 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Smyx
Smyx wp-connect |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:smyx:wp-connect:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Smyx
Smyx wp-connect |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF | |
| References |
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-05-20T19:33:10.397Z
Reserved: 2024-12-05T19:48:38.396Z
Link: CVE-2024-12282
Vulnrichment
Updated: 2025-05-19T20:34:58.907Z
NVD
Status : Analyzed
Published: 2025-05-15T20:15:35.740
Modified: 2025-06-09T18:41:15.260
Link: CVE-2024-12282
Redhat
No data.
OpenCVE Enrichment
No data.