The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Michalaugustyniak |
|
| Misiek Paypal |
|
No data.
References
History
Fri, 27 Sep 2024 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Michalaugustyniak
Michalaugustyniak misiek Paypal |
|
| CPEs | cpe:2.3:a:michalaugustyniak:misiek_paypal:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Michalaugustyniak
Michalaugustyniak misiek Paypal |
Thu, 12 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Misiek Paypal
Misiek Paypal misiek Paypal |
|
| Weaknesses | CWE-79 | |
| CPEs | cpe:2.3:a:misiek_paypal:misiek_paypal:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Misiek Paypal
Misiek Paypal misiek Paypal |
|
| Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | Misiek Paypal <= 1.1.20090324 - Stored XSS via CSRF | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-09-12T13:31:44.773Z
Reserved: 2024-08-15T18:18:43.983Z
Link: CVE-2024-7861
Vulnrichment
Updated: 2024-09-12T13:31:37.588Z
NVD
Status : Analyzed
Published: 2024-09-12T06:15:24.933
Modified: 2024-09-27T20:52:11.350
Link: CVE-2024-7861
Redhat
No data.