The Lightbox Plus Colorbox plugin through 2.7.2 for WordPress has cross-site request forgery (CSRF) via wp-admin/admin.php?page=lightboxplus, as demonstrated by resultant width XSS.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/lightbox-plus/#developers | Third Party Advisory |
https://www.pluginvulnerabilities.com/2016/04/05/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-lightbox-plus-colorbox/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-09T12:35:45
Updated: 2019-08-09T12:35:45
Reserved: 2019-08-09T00:00:00
Link: CVE-2016-10865
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-09T13:15:11.573
Modified: 2019-08-15T13:26:25.280
Link: CVE-2016-10865
JSON object: View
Redhat Information
No data.
CWE