CVE-2023-0058 (tiempo) | allinfosecnews.com

Aug. 16, 2023, 12:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

admin attack attackers check csrf csrf attack cve editing missing plugin stored xss wordpress wordpress plugin xss

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov

attackers cve denial of service issue +1

CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov

android check collapse cve +7

CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov

android bypass cve disclosure +8

CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov

android bluetooth buffer buffer overflow +9

CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov

access android check cve +11

CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov

android arbitrary code code code execution +10

CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov

android corruption cve disclosure +7

CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov

android backup bypass cve +11

CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov

android bypass check cve +10

Azure DevSecOps Cloud Engineer II

@ Prudent Technology | McLean, VA, USA

View on infosec-jobs.com

Security Engineer III - Python, AWS

@ JPMorgan Chase & Co. | Bengaluru, Karnataka, India

View on infosec-jobs.com

SOC Analyst (Threat Hunter)

@ NCS | Singapore, Singapore

View on infosec-jobs.com

Managed Services Information Security Manager

@ NTT DATA | Sydney, Australia

View on infosec-jobs.com

Senior Security Engineer (Remote)

@ Mattermost | United Kingdom

View on infosec-jobs.com

Penetration Tester (Part Time & Remote)

@ TestPros | United States - Remote

View on infosec-jobs.com