CVE-2023-0603
Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
Vexday Risk Score
26Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 13.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
08 May 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Unknown · Sloth Logo CustomizerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →