The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Wordpress Plugin
Wordpress Plugin special Feed Items |
|
CPEs | cpe:2.3:a:wordpress_plugin:special_feed_items:*:*:*:*:*:*:*:* | |
Vendors & Products |
Wordpress Plugin
Wordpress Plugin special Feed Items |
|
Metrics |
cvssV3_1
|
Tue, 17 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
Title | Special Feed Items <= 1.0.1 - Stored XSS via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-17T06:00:05.472Z
Updated: 2024-09-17T14:18:08.922Z
Reserved: 2024-08-21T17:26:41.084Z
Link: CVE-2024-8051
Vulnrichment
Updated: 2024-09-17T14:09:00.438Z
NVD
Status : Received
Published: 2024-09-17T06:15:02.690
Modified: 2024-09-17T15:35:13.407
Link: CVE-2024-8051
Redhat
No data.