CVE-2025-1436 - CERT CVE
ID CVE-2025-1436
Sažetak The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Reference
CVSS
Base: 7.1
Impact: 3.7
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Zadnje važnije ažuriranje 29-04-2025 - 14:31
Objavljeno 13-03-2025 - 06:15