Lucene search
WpvulndbWPVDB-ID:A98F74AA-CC0E-4E8C-8E34-B18D972E94DCHistoryJun 16, 2022 - 12:00 a.m.
Button Widget Smartsoft <= 1.0.1 - Arbitrary Settings Update to Stored XSS via CSRF
2022-06-1600:00:00
wpscan.com
7
widget smartsoft
arbitrary settings update
stored xss
csrf
sanitisation
escaping
security vulnerability
EPSS
0.001
Percentile
50.5%
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as put XSS payloads in them due to the lack of sanitisation and escaping
Related
patchstack
patchstack
nvd
nvd
CVE-2022-1912
2022-07-18 17:15:08
cvelist
cvelist
CVE-2022-1912
2022-07-18 16:16:27
cve
cve
CVE-2022-1912
2022-07-18 17:15:08
prion
prion
Cross site request forgery (csrf)
2022-07-18 17:15:00