The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS.
References
Link | Resource |
---|---|
https://www.wordfence.com/blog/2020/03/vulnerabilities-patched-in-the-data-tables-generator-by-supsystic-plugin/ | Third Party Advisory |
Configurations
Information
Published : 2020-04-22 19:15
Updated : 2020-04-29 10:16
NVD link : CVE-2020-12076
Mitre link : CVE-2020-12076
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
supsystic
- data_tables_generator