CVE-2022-36417 – WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

https://notcve.org/view.php?id=CVE-2022-36417

22 Sep 2022 — Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin <= 3.8 at WordPress. Una vulnerabilidad múltiple de tipo Cross-Site Scripting (XSS) por medio de un ataque de tipo Cross-Site Request Forgery (CSRF) en el plugin 3D Tag Cloud versiones anteriores a 3.8 incluyéndola en WordPress. The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.8. This is due to missing or incorrect nonce va... • https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-multiple-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability/_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •