Vulnerabilities > CVE-2022-1780 - Unspecified vulnerability in Latex Project Latex 3.4.10

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

latex-project

NVD

Published: 2022-06-13

Updated: 2024-11-21

Summary

The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Vulnerable Configurations

Part	Description	Count
Application	Latex_Project Latex Project Latex - Latex Project Latex 3.4.10	2

References

https://wpscan.com/vulnerability/dd22ea1e-49a9-4b06-8dd9-bb224110f98a
https://wpscan.com/vulnerability/dd22ea1e-49a9-4b06-8dd9-bb224110f98a