Lucene search
WpvulndbWPVDB-ID:F4554EE1-28E2-42E7-87BE-B4ED8199580CHistoryJun 22, 2022 - 12:00 a.m.
DX Share Selection < 1.5 - Stored Cross-Site Scripting via CSRF
2022-06-2200:00:00
wpscan.com
5
plugin
csrf attack
xss payloads
EPSS
0.001
Percentile
45.0%
The plugin does not have CSRF check in place when updating its settings and is lacking escaping as well as sanitisation in some of them, which could allow attackers to make a logged in admin change them and put XSS payloads in them via a CSRF attack
Related
prion
prion
Cross site request forgery (csrf)
2022-07-18 17:15:00
cvelist
cvelist
CVE-2022-2001
2022-07-18 16:17:07
nvd
nvd
CVE-2022-2001
2022-07-18 17:15:08
cve
cve
CVE-2022-2001
2022-07-18 17:15:08
patchstack
patchstack