National Cyber Warfare Foundation (NCWF) Forums


CVE-2023-0058
0 user ratings		2023-08-20 16:02:07
milo
CVEs
 - archive -- 
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

CVE-2023-0058
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0058
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
2023-08-16T12:15:11Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0058

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
CVEs


Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.