PT-2018-17500 · Acurax · Acurax-Social-Media-Widget
Panagiotis Vagenas
·
Publicado
2018-01-27
·
Atualizado
2020-08-24
·
CVE-2018-6357
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
acurax-social-media-widget plugin versions prior to 3.2.6
Description
The issue concerns a CSRF vulnerability via the
recordsArray parameter to the "/wp-admin/admin-ajax.php" API endpoint, potentially leading to social widget icon array order XSS.Recommendations
For versions prior to 3.2.6, update to version 3.2.6 or later to resolve the issue.
Exploit
Correção
CSRF
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Acurax-Social-Media-Widget