
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Apr 2023 — The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. The Sloth Logo Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the setting() function. This makes it possible for unauthenticated atta...

• https://wpscan.com/vulnerability/1c93ea8f-4e68-4da1-994e-35a5873278ba
• CWE-352: Cross-Site Request Forgery (CSRF)