The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Smyx |
|
No data.
References
History
Mon, 09 Jun 2025 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Smyx
Smyx wp-connect |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:smyx:wp-connect:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Smyx
Smyx wp-connect |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | WordPress连接微博 <= 2.5.6 - Stored XSS via CSRF | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:06:52.549Z
Updated: 2025-05-20T19:33:10.397Z
Reserved: 2024-12-05T19:48:38.396Z
Link: CVE-2024-12282
Vulnrichment
Updated: 2025-05-19T20:34:58.907Z
NVD
Status : Analyzed
Published: 2025-05-15T20:15:35.740
Modified: 2025-06-09T18:41:15.260
Link: CVE-2024-12282
Redhat
No data.