The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Azindex Project
Azindex Project azindex |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:azindex_project:azindex:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Azindex Project
Azindex Project azindex |
Mon, 09 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Azindex Wordpress Plugin
Azindex Wordpress Plugin azindex Wordpress Plugin |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:azindex_wordpress_plugin:azindex_wordpress_plugin:*:*:*:*:*:*:*:* | |
Vendors & Products |
Azindex Wordpress Plugin
Azindex Wordpress Plugin azindex Wordpress Plugin |
|
Metrics |
cvssV3_1
|
Mon, 09 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
Title | AZIndex <= 0.8.1 - Stored XSS via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-09T06:00:02.313Z
Updated: 2024-09-09T13:29:57.451Z
Reserved: 2024-08-11T23:09:59.932Z
Link: CVE-2024-7687
Vulnrichment
Updated: 2024-09-09T13:28:13.665Z
NVD
Status : Analyzed
Published: 2024-09-09T06:15:02.110
Modified: 2024-10-07T17:45:01.523
Link: CVE-2024-7687
Redhat
No data.