Lucene search
Nithissh SathishWPVDB-ID:1C93EA8F-4E68-4DA1-994E-35A5873278BAHistoryApr 17, 2023 - 12:00 a.m.
Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
2023-04-1700:00:00
Nithissh Sathish
wpscan.com
5
stored xss
csrf attack
plugin vulnerability
missing sanitisation
escaping missing
EPSS
0.002
Percentile
57.1%
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
PoC
Make a logged in Admin open a page containing the HTML code below
Related
nvd
nvd
CVE-2023-0603
2023-05-08 14:15:11
prion
prion
Cross site request forgery (csrf)
2023-05-08 14:15:00
cvelist
cvelist
CVE-2023-0603 Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
2023-05-08 13:58:23
cve
cve
CVE-2023-0603
2023-05-08 14:15:11
wpexploit
wpexploit
Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
2023-04-17 00:00:00
wordfence
wordfence