Lucene search
WpvulndbWPVDB-ID:B3F0CFFE-4ADB-4D42-B3C9-009CFEBBC522HistoryMay 06, 2022 - 12:00 a.m.
PNG to JPG < 4.1 - Stored Cross-Site Scripting via CSRF
2022-05-0600:00:00
wpscan.com
6
png to jpg
csrf
settings update
attackers
stored xss
EPSS
0.001
Percentile
20.8%
The plugin does not have CSRF check in place when updating its settings, allowing attackers to make a logged in admin do such action via a CSRF attack which could lead to Stored XSS issues due to the lack of sanitisation and escaping in some of them.
Related
patchstack
patchstack
prion
prion
Cross site scripting
2022-05-20 21:15:00
cvelist
cvelist
nvd
nvd
CVE-2022-29430
2022-05-20 21:15:10
cve
cve
CVE-2022-29430
2022-05-20 21:15:10