Unrated severity · NVD Advisory · Published Jun 27, 2022 · Updated Aug 3, 2024
OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF
CVE-2022-1842
Description
The OpenBook Book Data WordPress plugin through 3.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because the settings are also not sanitised or escaped, this can lead to Stored Cross-Site Scripting.
Affected products
- WordPress/OpenBook Book Data
  - Range: <=3.5.2
References
- wpscan.com/vulnerability/77aafeb9-af80-490a-b3d7-4fa973bab61c (mitre, x_refsource_MISC)