CVE-2022-22734 – Simple Quotation <= 1.3.2 - Quote Creation/Edition via CSRF to Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2022-22734

The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them El plugin Simple Quotation de WordPress versiones hasta 1.3.2, no presenta una comprobación de tipo CSRF cuando es creada o editada una cotización y no sanea ni escapa las cotizaciones. Como resultado, un atacante podría hacer que un administrador conectado creara o editara una cotización arbitraria, y poner cargas útiles de tipo Cross-Site Scripting en ellas The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them. • https://wpscan.com/vulnerability/f6e15a23-8f8c-47c2-8227-e277856d8251 • CWE-116: Improper Encoding or Escaping of Output CWE-352: Cross-Site Request Forgery (CSRF) •