CVE | CVE-2023-6499 |
CVE Title | |
Published Date | 2024-02-12T16:15Z |
Modified Date | 2024-02-12T17:31Z |
Description | The lasTunes WordPress plugin through 3.6.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack |
References | |
By clicking these links you will leave this website. We do not endorse and will not be held accountable for any activity on external sites. | |
Reference URL | https://wpscan.com/vulnerability/69592e52-92db-4e30-92ca-b7b3d5b9185d/ |
Reference Description | https://wpscan.com/vulnerability/69592e52-92db-4e30-92ca-b7b3d5b9185d/ |
Reference Description | |
Sources | NIST MITRE |
Note
- No CVSS data for this CVE