CVE-2022-2171 – The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when savi …

1 August 2022

Vuln ID: CVE-2022-2171

Published: 2022-08-01 13:15:10Z

Description: The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well.

Source: NVD.NIST.GOV

Date:

1 August 2022

Categorie(s):

NVD

Tag(s):

NVD

Phishing Scams in the Gaming Community20 April 2024
Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks20 April 2024
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack20 April 2024
How APIs Help To Improve Your Customers’ Experience [5 Tips]20 April 2024
Essential Cyber Security Plan for Small Business20 April 2024