CVE-2024-5767

Name of the Vulnerable Software and Affected Versions: sitetweet WordPress plugin versions 0.2 and earlier

Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.

Recommendations: For sitetweet WordPress plugin versions 0.2 and earlier, update to a version that includes proper CSRF checks, sanitization, and escaping to prevent potential Stored XSS attacks via CSRF. At the moment, there is no information about a newer version that contains a fix for this vulnerability.