Security Advisory

CVE-2021-42364

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-29 18:10:33

Last updated 2025-02-13 20:48:26

Assigner Wordfence

State PUBLISHED

Description

The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.0.6.

← Browse all CVEs View on cve.org ↗