The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
Fri, 27 Sep 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Outtolunchproductions
Outtolunchproductions simple Headline Rotator |
|
CPEs | cpe:2.3:a:outtolunchproductions:simple_headline_rotator:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Outtolunchproductions
Outtolunchproductions simple Headline Rotator |
Thu, 12 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Simple Headline Rotator
Simple Headline Rotator simple Headline Rotator |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:simple_headline_rotator:simple_headline_rotator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Simple Headline Rotator
Simple Headline Rotator simple Headline Rotator |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
Title | Simple Headline Rotator <= 1.0 - Stored XSS via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-12T06:00:06.139Z
Updated: 2024-09-12T13:35:25.166Z
Reserved: 2024-08-15T18:11:17.585Z
Link: CVE-2024-7860
Vulnrichment
Updated: 2024-09-12T13:35:12.747Z
NVD
Status : Analyzed
Published: 2024-09-12T06:15:24.853
Modified: 2024-09-27T20:56:24.493
Link: CVE-2024-7860
Redhat
No data.