Lucene search
WpvulndbWPVDB-ID:2B85D66A-91D2-4EBF-BD3B-0D9C4388D29FHistoryJan 19, 2024 - 12:00 a.m.
Custom Dashboard Widgets <= 1.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via cdw_DashboardWidgets
2024-01-1900:00:00
wpscan.com
7
wordpress
cross-site request forgery
cross-site scripting
plugin
vulnerability
Description The Custom Dashboard Widgets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ‘cdw_DashboardWidgets’ function. This makes it possible for unauthenticated attackers to modify the plugin’s settings, including adding a Cross-Site Scripting payload, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Related
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2024-01-31 12:16:00
cve
cve
CVE-2024-22290
2024-01-31 12:16:05
nvd
nvd
CVE-2024-22290
2024-01-31 12:16:05
wordfence
wordfence
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
24.1%
Related for WPVDB-ID:2B85D66A-91D2-4EBF-BD3B-0D9C4388D29F