CVE-2024-8051

MEDIUM Year: 2024
CVSS v3 Score
5.7
Medium
Weakness Type
CWE-352
View all →

Vulnerability Description

The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Related Vulnerabilities

CVE-2016-4315

MEDIUM
CVSS:5.7(Medium)

Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action ...

CWE-3522016

CVE-2017-14956

MEDIUM
CVSS:5.7(Medium)

AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local do...

CWE-3522017

CVE-2017-5528

MEDIUM
CVSS:5.7(Medium)

Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of thi...

CWE-3522017

CVE-2019-14680

MEDIUM
CVSS:5.7(Medium)

The admin-renamer-extended (aka Admin renamer extended) plugin 3.2.1 for WordPress allows wp-admin/plugins.php?page=admin-renamer-extended/admin.php CSRF.

CWE-3522019

CVE-2019-14683

MEDIUM
CVSS:5.7(Medium)

The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.

CWE-3522019

CVE-2019-7730

MEDIUM
CVSS:5.7(Medium)

MyWebSQL 3.7 has a Cross-site request forgery (CSRF) vulnerability for deleting a database via the /?q=wrkfrm&type=databases URI.

CWE-3522019