← volver
CVE-2022-1557

ULeak Security & Monitoring <= 1.2.3 - Subscriber+ Stored Cross-Site Scripting

EPSS 1.1%CWE-79
The ULeak Security & Monitoring WordPress plugin through 1.2.3 does not have authorisation and CSRF checks when updating its settings, and is also lacking sanitisation as well as escaping in some of them, which could allow any authenticated users such as subscriber to perform Stored Cross-Site Scripting attacks against admins viewing the settings
Productos afectados
Unknown · ULeak Security & Monitoring Plugin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://packetstormsecurity.com/files/166564/https://wpscan.com/vulnerability/e2b6dbf5-8709-4a2c-90be-3214ff55ed56