The Coru LFMember WordPress plugin up to and including 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing malicious user to make a logged in admin add an arbitrary game with XSS payloads
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
marcorulicke coru lfmember |