cve/CVE-2024-5077.md at a8969e132322a214e7b78da5711159d6f891f0ab

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio d6bcaa53f2 Update CVE sources 2024-07-25 21:25

2024-07-25 21:25:12 +00:00

Description

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

POC

Reference

https://wpscan.com/vulnerability/00fcbcf3-41ee-45e7-a0a9-0d46cb7ef859/

Github

https://github.com/20142995/nuclei-templates

921 B Raw Blame History

CVE-2024-5077

Description

POC

Reference

Github

921 B

Raw Blame History