Simple Headline Rotator

CVEs (1)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2024-7860	Simple Headline Rotator Simple Headline Rotator		0.00	—	0.00		Sep 12, 2024	The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

CVE-2024-7860Sep 12, 2024
Simple Headline Rotator
Simple Headline Rotator
risk 0.00cvss —epss 0.00
The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.