WordPress Photo Video Store plugin <= 21.07 - CSRF to Cross Site Scripting (XSS) vulnerability
CVE-2024-53782
7.1HIGH
Summary
The CSRF vulnerability in CMSaccount's Photo Video Store allows malicious actors to exploit the application by tricking users into executing unwanted actions. This vulnerability can lead to the potential execution of Cross-Site Scripting (XSS) attacks, compromising user accounts and sensitive data. Affected versions include all prior to 21.07, highlighting essential mitigation measures for users to secure their installations.
Affected Version(s)
Photo Video Store <= 21.07
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)