National Cyber Warfare Foundation (NCWF)

CVE-2023-0058


0 user ratings
2023-08-20 16:02:07
milo
CVEs

 - archive -- 
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

CVE-2023-0058
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0058
The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
2023-08-16T12:15:11Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0058


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
CVEs



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.