Cross-Site Scripting and CSRF Vulnerability in Pixel Cat WordPress Plugin

Cross-Site Scripting and CSRF Vulnerability in Pixel Cat WordPress Plugin

CVE-2021-24922 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin change them and perform Cross-Site Scripting attacks

Learn more about our Wordpress Pen Testing.