The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Alaingg
Alaingg accordion Image Menu |
|
CPEs | cpe:2.3:a:alaingg:accordion_image_menu:*:*:*:*:*:*:*:* | |
Vendors & Products |
Alaingg
Alaingg accordion Image Menu |
|
Metrics |
cvssV3_1
|
Tue, 17 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
Title | Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-17T06:00:06.467Z
Updated: 2024-09-17T14:48:11.466Z
Reserved: 2024-08-22T13:10:19.124Z
Link: CVE-2024-8092
Vulnrichment
Updated: 2024-09-17T14:48:02.778Z
NVD
Status : Awaiting Analysis
Published: 2024-09-17T06:15:02.920
Modified: 2024-09-20T12:31:20.110
Link: CVE-2024-8092
Redhat
No data.