WordPress Plugin Vulnerabilities
Demon Image Annotation < 4.8 - Arbitrary Settings Update to Stored XSS via CSRF
Description
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping in some of them, it could also lead to Stored Cross-Site Scripting
Affects Plugins
References
CVE
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Yamato Kamioka
Verified
No
WPVDB ID
Timeline
Publicly Published
2022-09-21 (about 1 years ago)
Added
2022-09-22 (about 1 years ago)
Last Updated
2022-09-22 (about 1 years ago)