CVE-2023-7269

CWE-352Cross-Site Request Forgery (CSRF)CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 75.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Artplacer WidgetArtplacer Artplacer Widget
Timeline
PublishedJul 19

Description

The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:LExploitability: 1.7 | Impact: 5.3

Affected Packages2 packages

CVEListV5unknown/artplacer_widget< 2.21.2

🔴Vulnerability Details

2
CVEList
ArtPlacer Widget < 2.21.2 - Stored XSS via CSRF2024-07-19
GHSA
GHSA-w4jg-m5rc-ppx7: The ArtPlacer Widget WordPress plugin before 22024-07-19
CVE-2023-7269 (HIGH CVSS 7.5) | The ArtPlacer Widget WordPress plug | cvebase.io