The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Moc |
|
| Wordpress Plugin |
|
No data.
References
History
Fri, 27 Sep 2024 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Moc
Moc special Feed Items |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:moc:special_feed_items:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Moc
Moc special Feed Items |
Tue, 17 Sep 2024 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Wordpress Plugin
Wordpress Plugin special Feed Items |
|
| CPEs | cpe:2.3:a:wordpress_plugin:special_feed_items:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Wordpress Plugin
Wordpress Plugin special Feed Items |
|
| Metrics |
cvssV3_1
|
Tue, 17 Sep 2024 06:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | Special Feed Items <= 1.0.1 - Stored XSS via CSRF | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-17T06:00:05.472Z
Updated: 2024-09-17T14:18:08.922Z
Reserved: 2024-08-21T17:26:41.084Z
Link: CVE-2024-8051
Vulnrichment
Updated: 2024-09-17T14:09:00.438Z
NVD
Status : Analyzed
Published: 2024-09-17T06:15:02.690
Modified: 2024-09-27T18:19:41.863
Link: CVE-2024-8051
Redhat
No data.