← back
CVE-2021-24922

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

EPSS 0.5%CWE-352
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
13 Dec 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks
Affected products
Unknown · Pixel Cat – Conversion Pixel Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2