wpvulndb | Daniel Ruf | WPVDB-ID: 3D1F90D9-45DA-42F8-93F8-15C8A4FF90CA
History: Jun 15, 2022 - 12:00 a.m.

Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF

2022-06-15 00:00:00
Daniel Ruf
wpscan.com
10
Tags: sharebar, vulnerability, stored xss, csrf, settings update, admin

EPSS

0.001

Percentile

21.2%

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because some of these settings are neither sanitised nor escaped, this could also lead to a Stored Cross-Site Scripting issue.

PoC

