The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Solidcode |
|
No data.
References
History
Thu, 12 Jun 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Solidcode
Solidcode peoplepond |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:solidcode:peoplepond:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Solidcode
Solidcode peoplepond |
Tue, 20 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The PeoplePond WordPress plugin through 1.1.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | |
| Title | PeoplePond <= 1.1.9 - CSRF to Stored XSS | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:07:13.392Z
Updated: 2025-05-20T19:20:25.086Z
Reserved: 2024-08-22T12:39:31.779Z
Link: CVE-2024-8085
Vulnrichment
Updated: 2025-05-19T20:25:00.325Z
NVD
Status : Analyzed
Published: 2025-05-15T20:15:57.673
Modified: 2025-06-12T16:54:30.820
Link: CVE-2024-8085
Redhat
No data.