PT-2024-32661 · WordPress · The Logo Manager For Enamad
Author: Bob Matyas
Published: 2024-06-25
Updated: 2024-07-03
CVE: CVE-2024-4757
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
The Logo Manager For Enamad WordPress plugin versions through 0.7.0
Description
The plugin lacks CSRF checks on some of its administrative actions and neither sanitizes the values those actions receive nor escapes them on output. An attacker can therefore craft a web page that, when opened by a logged-in administrator, silently submits a request to the site in the administrator's session and stores a cross-site scripting payload, which the plugin later renders unescaped (CSRF leading to Stored XSS). This matches the CVSS vector: no privileges are needed (PR:N), but a victim administrator must interact (UI:R).
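To make the two missing controls concrete, the following is an added illustration written for this page; it is not code from The Logo Manager For Enamad plugin, and the option name, field names, hook and action names (all prefixed `hypothetical_`) are assumptions. It shows the vulnerable shape of a WordPress admin form handler that stores a link without a nonce check, capability check, sanitization or escaping, and then the hardened form using the standard WordPress APIs (`check_admin_referer()`, `wp_nonce_field()`, `current_user_can()`, `esc_url_raw()`, `esc_url()`, `esc_attr()`).

```php
<?php
/*
 * Added illustration for this advisory; not code from the affected plugin.
 * Option name, field names and hook names are hypothetical. Runs inside
 * WordPress (the functions used are core WordPress APIs).
 */

// --- Vulnerable pattern ---------------------------------------------------
// Any POST reaching this handler is accepted: no nonce, no capability check,
// no sanitization. An attacker page that auto-submits a form to the admin URL
// makes a logged-in administrator's browser persist the attacker's value.
function hypothetical_logo_save_vulnerable() {
    if ( isset( $_POST['logo_link'] ) ) {
        update_option( 'hypothetical_logo_link', $_POST['logo_link'] );
    }
}

// The stored value is echoed raw into an href, so a payload such as
// "><script>...</script> or javascript:... executes for every viewer.
function hypothetical_logo_render_vulnerable() {
    $link = get_option( 'hypothetical_logo_link', '' );
    echo '<a href="' . $link . '">Enamad logo</a>';
}

// --- Hardened pattern -----------------------------------------------------
function hypothetical_logo_save_hardened() {
    if ( ! isset( $_POST['logo_link'] ) ) {
        return;
    }
    // 1. Capability check: only users allowed to manage options may change it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF check: the request must carry a nonce issued to this user for
    //    this action. check_admin_referer() calls wp_die() on a missing or
    //    invalid nonce, which is exactly what defeats a cross-site form post.
    check_admin_referer( 'hypothetical_logo_save', 'hypothetical_logo_nonce' );
    // 3. Sanitize on input: esc_url_raw() keeps only URLs with an allowed
    //    scheme, so "javascript:" and similar are reduced to an empty string.
    $link = esc_url_raw( wp_unslash( $_POST['logo_link'] ) );
    if ( '' !== $link ) {
        update_option( 'hypothetical_logo_link', $link );
    }
    wp_safe_redirect( wp_get_referer() );
    exit;
}

// 4. Escape on output for the context it lands in (an href attribute).
function hypothetical_logo_render_hardened() {
    $link = get_option( 'hypothetical_logo_link', '' );
    echo '<a href="' . esc_url( $link ) . '">Enamad logo</a>';
}

// Settings form paired with the hardened handler: wp_nonce_field() emits the
// hidden nonce input that check_admin_referer() expects above.
function hypothetical_logo_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'hypothetical_logo_save', 'hypothetical_logo_nonce' ); ?>
        <input type="hidden" name="action" value="hypothetical_logo_save">
        <input type="url" name="logo_link"
               value="<?php echo esc_attr( get_option( 'hypothetical_logo_link', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

add_action( 'admin_post_hypothetical_logo_save', 'hypothetical_logo_save_hardened' );
```

The nonce check alone closes the CSRF path; the sanitize-on-input and escape-on-output steps close the XSS path even for a request that is legitimately authorised, so both are needed. Note that a nonce is tied to the user who received it, so an attacker cannot obtain one by loading the form from their own account.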
Recommendations
For versions through 0.7.0, disable the plugin until a fixed release is available. If it must remain active, keep the number of accounts with administrative rights to a minimum and have administrators avoid browsing untrusted sites while logged in to wp-admin, since the attack requires only that an administrator's browser load an attacker-controlled page. Maintainers addressing this class of issue should protect every state-changing action with a WordPress nonce (wp_nonce_field()/check_admin_referer()) and a capability check, sanitize values on input and escape them on output. At the time of writing there is no information about a release that contains a fix for this vulnerability.
Exploit
XSS
CSRF
Related Identifiers
Affected Products
The Logo Manager For Enamad