PT-2024-33870 · WordPress · Wp Stacker
Bob Matyas · Published 2024-06-07 · Updated 2024-07-18 · CVE-2024-5003
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
WP Stacker WordPress plugin versions 1.8.5 and earlier
Description:
The plugin lacks CSRF checks in some areas and is missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.
Recommendations:
For WP Stacker WordPress plugin versions 1.8.5 and earlier, update to a version that includes the necessary CSRF checks and proper sanitization and escaping to prevent Stored XSS payloads from being added.
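The three controls named above (CSRF check, sanitization on input, escaping on output) as they are typically applied to a WordPress admin settings handler. This is an added example, not code from WP Stacker; the option name, action name, nonce field and page slug are hypothetical.

```php
<?php
// Added illustration. All example_* names are hypothetical, not WP Stacker's.

// Render the settings form. The nonce binds the request to this admin's
// session; esc_attr() encodes the stored value when it is written to HTML.
function example_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }
    $label = get_option( 'example_label', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="example_label" value="<?php echo esc_attr( $label ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST: capability check, CSRF check, then sanitize before storing.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ), '', array( 'response' => 403 ) );
    }

    // Stops the request if the nonce is missing or invalid, so a forged
    // cross-site form submission never reaches update_option().
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // Sanitize on input: strips tags and control characters from the value.
    $raw = isset( $_POST['example_label'] ) ? wp_unslash( $_POST['example_label'] ) : '';
    update_option( 'example_label', sanitize_text_field( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```

Either control alone leaves a gap: the nonce check blocks the forged request, while sanitizing and escaping keep a stored value from executing as script if one is saved by another path.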
Exploit
Fix
CSRF
Affected Products
Wp Stacker