Overview
- Description
- The Remove Footer Credit WordPress plugin before 1.0.6 does not have CSRF check in place when saving its settings, which could allow attacker to make logged in admins change them and lead to Stored XSS issue as well due to the lack of sanitisation
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- contact@wpscan.com
- CWE-352
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpchill:remove_footer_credit:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "F318AD27-8D8D-4BB7-95A6-508790B31031",
"versionEndExcluding": "1.0.6"
}
],
"operator": "OR"
}
]
}
]