CVE-2021-24922

Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting

EPSS 0.5%CWE-352

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 dic 2021Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks

Productos afectados

Unknown · Pixel Cat – Conversion Pixel Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://wpscan.com/vulnerability/399ffd65-f3c0-4fbe-a83a-2a620976aad2