The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
History
Mon, 07 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Snapshot Backup Project, Snapshot Backup Project snapshot Backup | |
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:snapshot_backup_project:snapshot_backup:*:*:*:*:*:wordpress:*:* | |
Vendors & Products | Snapshot Backup Project, Snapshot Backup Project snapshot Backup | |
Mon, 09 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Versluis, Versluis snapshot-backup | |
CPEs | cpe:2.3:a:versluis:snapshot-backup:*:*:*:*:*:*:*:* | |
Vendors & Products | Versluis, Versluis snapshot-backup | |
Metrics | cvssV3_1 | |
Mon, 09 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | |
Title | Snapshot Backup <= 2.1.1 - Stored XSS via CSRF | |
References | | |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-09T06:00:02.765Z
Updated: 2024-09-09T13:18:59.260Z
Reserved: 2024-08-11T23:57:00.800Z
Link: CVE-2024-7689
Vulnrichment
Updated: 2024-09-09T13:18:51.852Z
NVD
Status: Analyzed
Published: 2024-09-09T06:15:02.263
Modified: 2024-10-07T17:45:04.627
Link: CVE-2024-7689
Redhat
No data.