CVE-2015-10001

CVE-2015-10001

The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads

Source: CVE-2015-10001

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다