CVE-2021-4418 in Custom CSS, JS & PHP Plugininformação

Sumário

de MITRE • 25/10/2023

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsável

Wordfence

Reservar

11/07/2023

Divulgação

25/10/2023

Moderação

aceite

Entrada

VDB-243041

CPE

pronto

EPSS

0.00397

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!