The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/f5c3dfea-7203-4a98-88ff-aa6a24d03734 | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2015/06/17/6 | Exploit Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-11-01T08:45:47
Updated: 2021-11-01T08:45:47
Reserved: 2021-10-31T00:00:00
Link: CVE-2015-10001
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-11-01T09:15:07.897
Modified: 2021-11-03T14:41:30.327
Link: CVE-2015-10001
JSON object: View
Redhat Information
No data.
CWE