3D Tag Cloud by Vinoj Cardoza <= 3.8 - Stored XSS via CSRF
LANACOMMONVDB ID: c5598d13-6b72-428c-b5d2-90760646e633
The plugin does not have Cross-Site Request Forgery (CSRF) check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored Cross-Site Scripting (XSS) payloads via a Cross-Site Request Forgery (CSRF) attack.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-09-04
- Published
- 2022-10-27
- Affected Version
- <= 3.8
Classification
- Type
- Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
