WordPress Pagebar plugin <= 2.65 - Stored XSS Vulnerability

Kailash · Jun 15, 2022, 09:52 AM

WordPress Pagebar plugin <= 2.65 - Arbitrary Settings Update via CSRF vulnerability to Stored XSS

Plugin name: WordPress Pagebar plugin
Vulnerable versions: <= 2.65
Fixed in: N/A
CVE ID: CVE-2022-1757
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15

Vulnerability Details

Arbitrary Settings Update via CSRF vulnerability to Stored XSS discovered by Daniel Ruf in WordPress Pagebar plugin (versions <= 2.65)

Solution

Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: N/A

Search

User

Shoutbox

Recent

Stats

Members

Stats

Users Online

Online

WordPress Pagebar plugin <= 2.65 - Stored XSS Vulnerability

Kailash