The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
History
Fri, 27 Sep 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Seanschulte, Seanschulte vikinghammer Tweet | |
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:seanschulte:vikinghammer_tweet:*:*:*:*:*:wordpress:*:* | |
Vendors & Products | Seanschulte, Seanschulte vikinghammer Tweet | |
Tue, 17 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Wordpress Plugin, Wordpress Plugin vikinghammer Tweet | |
CPEs | cpe:2.3:a:wordpress_plugin:vikinghammer_tweet:*:*:*:*:*:*:*:* | |
Vendors & Products | Wordpress Plugin, Wordpress Plugin vikinghammer Tweet | |
Metrics | cvssV3_1 | |
Tue, 17 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | |
Title | Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF | |
References | | |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-17T06:00:03.699Z
Updated: 2024-09-17T14:42:45.857Z
Reserved: 2024-08-21T15:46:44.890Z
Link: CVE-2024-8043
Vulnrichment
Updated: 2024-09-17T14:40:59.090Z
NVD
Status: Analyzed
Published: 2024-09-17T06:15:02.467
Modified: 2024-09-27T18:22:43.967
Link: CVE-2024-8043
Redhat
No data.