User

Welcome to WordPress Community Forum. Please login or sign up.

Nov 25, 2024, 10:12 AM

Login with username, password and session length

Shoutbox

Recent

Stats

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 5
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 6
  • Total: 6

Online

6 Guests, 0 Users

WordPress WPMK Ajax Finder plugin vulnerability

Started by Kailash, Jun 02, 2022, 01:43 AM

Previous topic - Next topic

WordPress Premium Themes


Print
Go Down Pages1
User actions

Kailash

Jun 02, 2022, 01:43 AM
WordPress WPMK Ajax Finder plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) via CSRF vulnerability

Plugin name: WPMK Ajax Finder
Vulnerable versions: <= 1.0.1
Fixed in: NA (Not Available)
CVE ID: CVE-2022-1749
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed:  2022-06-01

Vulnerability Details

Stored Cross-Site Scripting (XSS) via CSRF vulnerability discovered by Tsubasa Imaizumi (Cryptography Laboratory in Tokyo Denki University) in WordPress WPMK Ajax Finder plugin (versions <= 1.0.1).

Solution

Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Plugin Link: https://wordpress.org/plugins/find-any-think/

WordPress Premium Themes


Print
Go Up Pages1
User actions