WordPress Plugin Vulnerabilities
Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)
Description
The plugin does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack.
Proof of Concept
Affects Plugins
No known fix References
CVE
Classification
Type
XSS
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
ABISHEIK M
Submitter
ABISHEIK M
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2021-07-27 (about 4 years ago)
Added
2021-07-27 (about 4 years ago)
Last Updated
2022-02-24 (about 3 years ago)
WPScan 