The Tiempo.com WordPress plugin through 0.1.2 does not have a CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/0e677df9-2c49-42f0-a8e2-dbcf85bfc1a2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-08-16T11:03:23.680Z
Updated: 2023-08-16T11:03:23.680Z
Reserved: 2023-01-05T02:12:37.891Z
Link: CVE-2023-0058
NVD Information
Status: Modified
Published: 2023-08-16T12:15:11.977
Modified: 2023-11-07T03:59:31.437
Link: CVE-2023-0058
Redhat Information
No data.
CWE
No CWE.