Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2022-1618
coru lfmember plugin
csrf check
sanitisation
xss attacks
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads
Affected configurations
Node
marcorulickecoru_lfmemberRange≤1.0.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| marcorulicke | coru_lfmember | * | cpe:2.3:a:marcorulicke:coru_lfmember:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-26 00:00:00
cvelist
cvelist
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2024-01-16 15:52:50
prion
prion
Cross site request forgery (csrf)
2024-01-16 16:15:00
vulnrichment
vulnrichment
CVE-2022-1618 Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2024-01-16 15:52:50
cve
cve
CVE-2022-1618
2024-01-16 16:15:09
wpexploit
wpexploit
Coru LFMember <= 1.0.2 - Stored Cross-Site Scripting via CSRF
2022-04-26 00:00:00
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
17.0%
Related for NVD:CVE-2022-1618