mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
925 B
925 B
CVE-2022-1618
&color=brighgreen)
&color=brighgreen)
Description
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloads
POC
Reference
Github
No PoCs found on GitHub currently.