Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting
Vulnerability Description
The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin change them and perform Cross-Site Scripting attacks
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
WordPress plugin 跨站请求伪造漏洞
Vulnerability Description
WordPress plugin是WordPress开源的一个应用插件。 Wordpress Plugin WP Extra File Types 中存在跨站请求伪造漏洞,该漏洞源于产品在保存配置时未对一些设置进行安全处理。攻击者可通过该漏洞导致客户端代码执行。以下产品及版本受到影响:Wordpress Plugin WP Extra File Types 0.5.1 之前版本。
CVSS Information
N/A
Vulnerability Type
N/A