all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

Sitetweet <= 0.2 - Stored XSS via CSRFThe sitetweet WordPress plugin through ...

Add to bookmarks
July 2, 2024, 6 a.m. |

CVE | THREATINT - NEW cve.threatint.com

The sitetweet WordPress plugin through 0.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored X...

admin attackers check csrf missing places plugin stored xss wordpress wordpress plugin xss

Visit resource

More from cve.threatint.com / CVE | THREATINT - NEW

playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 19 hours ago | cve.threatint.com
amp app file found +7
Red Lion Europe: mbNET.mini vulnerable to OS command injectionA high privileg... 19 hours ago | cve.threatint.com
attacker can command commands +8
Uncontrolled Resource Consumption vulnerability in MESbookUncontrolled Resour... 20 hours ago | cve.threatint.com
attacker can code inject +8
Information exposure vulnerability vulnerability in MESbookInformation exposu... 20 hours ago | cve.threatint.com
access api attacker changing +8
playSMS Template injectionA vulnerability was found in playSMS 1.4.3. It has ... 21 hours ago | cve.threatint.com
amp app file found +5
Limited DoS due to permitting creating users with user-defined IDsMattermost ... 23 hours ago | cve.threatint.com
attacker defined dos fail +2
RemoteClusterFrame payloads are audit logged in fullMattermost versions 9.5.x... 23 hours ago | cve.threatint.com
access attacker audit audit logs +7
Creating posts with user-defined IDs permitted in CreatePost APIMattermost ve... 23 hours ago | cve.threatint.com
attacker defined fail ids +3
Timing attack during remote cluster token comparison when shared channels are... 23 hours ago | cve.threatint.com
attack cluster fail mattermost +4

Jobs in InfoSec / Cybersecurity

Find Talent

All-Source Analyst (Watch Floor) - Senior

@ Global Dimensions | Columbia, Maryland, United States
View on infosec-jobs.com

Field Account Executive

@ Darktrace | Kentucky, United States
View on infosec-jobs.com

Technical Operations Engineer - International

@ Anduril | London, England, United Kingdom
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Madhupur Upazila, Dhaka Division, Bangladesh
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Klang, Selangor, Malaysia
View on infosec-jobs.com

Associate Analyst - Managed Security Services

@ Millennium IT ESP | Colombo, WP, Sri Lanka
View on infosec-jobs.com