Unauthenticated Stored Cross-Site Scripting in Crazy Bone WordPress Plugin

CVE-2022-0385 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying it back in the log dashboard, leading to an unauthenticated stored cross-site scripting vulnerability.
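
The pattern the advisory describes, shown as an added example and not the plugin's own code: a log row built from the submitted username without escaping, next to a version that escapes at output time. The function names, array keys and the sample entry are hypothetical; inside WordPress, `esc_html()` does the escaping and the `htmlspecialchars()` fallback only keeps the file runnable under plain PHP.

```php
<?php
// Added illustration; not Crazy Bone's code. All function names are hypothetical.

// Escape a value for an HTML text context. WordPress provides esc_html();
// the fallback is used when this file is run outside WordPress.
function log_escape(string $value): string {
    return function_exists('esc_html')
        ? esc_html($value)
        : htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Normalise the attempted username before storing it: drop control
// characters and cap the length (wp_users.user_login holds 60 characters).
// This limits what is stored; it does not replace escaping on output.
function log_normalise_username(string $raw): string {
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $raw) ?? '';
    return substr($clean, 0, 60);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so any tags in it become part of the dashboard page.
function render_row_unsafe(array $entry): string {
    return '<tr><td>' . $entry['user_login'] . '</td><td>'
         . $entry['status'] . '</td></tr>';
}

// Hardened pattern: every dynamic value is escaped where it is printed.
function render_row_safe(array $entry): string {
    return '<tr><td>' . log_escape($entry['user_login']) . '</td><td>'
         . log_escape($entry['status']) . '</td></tr>';
}

// Constructed sample: a failed login whose username field carries markup.
$entry = [
    'user_login' => log_normalise_username('<script>alert(1)</script>'),
    'status'     => 'login_error',
];

echo render_row_unsafe($entry), PHP_EOL; // tags are emitted as markup
echo render_row_safe($entry), PHP_EOL;   // tags are emitted as entities
```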