Vulnerabilities > CVE-2022-1787 - Unspecified vulnerability in Sideblog Project Sideblog 3.8/5.1/6.0

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sideblog-project

NVD

Published: 2022-06-13

Updated: 2024-11-21

Summary

The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

Vulnerable Configurations

Part	Description	Count
Application	Sideblog_Project Sideblog Project Sideblog - Sideblog Project Sideblog 3.8 Sideblog Project Sideblog 5.1 Sideblog Project Sideblog 6.0	4

References

https://wpscan.com/vulnerability/b85920b3-dfc1-4112-abd8-ce6a5d91ae0d
https://wpscan.com/vulnerability/b85920b3-dfc1-4112-abd8-ce6a5d91ae0d