XSS can be exploited to execute arbitrary script code in user session or obtain confidential information (CSRF). BlueSpice is currently the only confirmed XSS vulnerability in the WordPress community. It is recommended for plugin and theme developers to apply fixes as soon as possible. XSS can be exploited to execute arbitrary script code in user session or obtain confidential information (CSRF). BlueSpice is currently the only confirmed XSS vulnerability in the WordPress community. It is recommended for plugin and theme developers to apply fixes as soon as possible. You can read more details about XSS at https://www.WordPress.org/XSS
Impacted Plugins:
BlueSpiceMenu, BlueSpiceCustomMenu
Impacted Themes:
XBSPress, XBSPress Theme, XBSPress Theme Pro, XBSPress Theme Pro v1, XBSPress Theme Pro v2
Cross-site Request Forgery (CSRF) vulnerability in BlueSpice allows user with admin permissions to hijack another user's session. This may lead to access to unauthorized data or system modification.
With the help of CSRF, an attacker can change the status of any resource on the website to complete access.
Definition of Cross-site Request Forgery (CSRF)
The Cross-site Request Forgery (CSRF) vulnerability allows an attacker to hijack another user's session. This may lead to access to unauthorized data or system modification.
Vulnerability Details
BlueSpice is the only confirmed XSS vulnerability in the WordPress community. It is currently recommended for plugin and theme developers to apply fixes as soon as possible.
Summary of Cross-site Request Forgery (CSRF) vulnerability
There is currently a CSRF vulnerability in the WordPress community on BlueSpice. It is recommended for plugin and theme developers to apply fixes as soon as possible. You can read more details about XSS at https://www.WordPress.org/XSS
Timeline
Published on: 11/15/2022 15:15:00 UTC
Last modified on: 11/16/2022 19:43:00 UTC