CVEs-PoC/2023/CVE-2023-3356.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-11 00:14:52 +02:00

Files

T

0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49

2024-05-28 08:49:17 +00:00

Description

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

POC

Reference

https://wpscan.com/vulnerability/93faad5b-e1e8-4e49-b19e-b91343d68b51

Github

https://github.com/fkie-cad/nvd-json-data-feeds

1008 B Raw Blame History

CVE-2023-3356

Description

POC

Reference

Github

1008 B

Raw Blame History