Cross-Site Scripting and CSRF Vulnerability in Pixel Cat WordPress Plugin
CVE-2021-24922 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks
Learn more about our Wordpress Pen Testing.