The AZAN Plugin WordPress plugin through 0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Wp-master
  • Azan

Configuration 1 [-]

cpe:2.3:a:wp-master:azan:*:*:*:*:*:wordpress:*:*

No data.

References
Link Providers
https://wpscan.com/vulnerability/19cd60dd-8599-4af3-99db-c42de504606c/ cve-icon cve-icon cve-icon
History

Tue, 13 May 2025 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Wp-master
Wp-master azan
Weaknesses CWE-352
CPEs cpe:2.3:a:wp-master:azan:*:*:*:*:*:wordpress:*:*
Vendors & Products Wp-master
Wp-master azan
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-06-14T06:00:04.102Z

Updated: 2024-08-01T20:26:57.248Z

Reserved: 2024-04-19T14:28:30.339Z

Link: CVE-2024-3993

cve-icon Vulnrichment

Updated: 2024-08-01T20:26:57.248Z

cve-icon NVD

Status : Analyzed

Published: 2024-06-14T06:15:12.680

Modified: 2025-05-13T01:52:53.460

Link: CVE-2024-3993

cve-icon Redhat

No data.