03 Oct 2022
Vulnerability CVE-2022-2839
The Zephyr Project Manager WordPress plugin before 3.2.55 has neither authorisation nor CSRF checks in any of its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged-in admins. (CVSS: 0.0) (Last Update: 2022-10-03)
Publish Date: 2022-10-03
Last Update Date: 2022-10-03
- Metasploit Modules Related To CVE-2022-2839: There are no Metasploit modules related to this CVE entry (please visit www.metasploit.com for more information).