CVE-2022-1618

Name of the Vulnerable Software and Affected Versions The Coru LFMember WordPress plugin versions 1.0.2 and earlier

Description The issue is related to the lack of CSRF check when adding a new game and insufficient sanitization and escaping in the settings. This allows an attacker to make a logged-in admin add an arbitrary game with XSS payloads.

Recommendations For versions 1.0.2 and earlier, update to a version that includes proper CSRF checks and sanitization to prevent exploitation. As a temporary workaround, consider restricting access to the game addition feature to minimize the risk of exploitation.