Vulnerabilities > Kreci > Subscribers Text Counter > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-30 CVE-2023-3356 Cross-Site Request Forgery (CSRF) vulnerability in Kreci Subscribers Text Counter
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
network
low complexity
kreci CWE-352
4.3