2 results (0.001 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. El complemento reCAPTCHA Jetpack WordPress hasta la versión 0.2.2 no tiene verificación CSRF en algunos lugares y le falta sanitización y escape, lo que podría permitir a los atacantes hacer que el administrador conectado agregue payloads XSS almacenado a través de un ataque CSRF. The reCAPTCHA Jetpack plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.2. This is due to missing or incorrect nonce validation on the recaptcha-jetpack page. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/6e09e922-983c-4406-8053-747d839995d1 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack El complemento reCAPTCHA Jetpack WordPress hasta la versión 0.2.2 no tiene activada la verificación CSRF al actualizar su configuración, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los cambie mediante un ataque CSRF. The reCAPTCHA Jetpack plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.2. This is due to missing or incorrect nonce validation on the recaptcha-jetpack page. This makes it possible for unauthenticated attackers to update settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c • CWE-352: Cross-Site Request Forgery (CSRF) •