Beta

Report

Social Stickers <= 2.2.9 is vulnerable to Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Unauthenticated
Published
2022-04-19

The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them and lead to Stored Cross-Site Scripting issues.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-1418

CVSS

Score:5.4

Severity:Medium

Version: 2.2.9

The plugin vendor has not patched this vulnerability at the moment.