WordPress Community Forum
WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 15, 2022, 09:52 AM
WordPress Pagebar plugin <= 2.65 - Arbitrary Settings Update via CSRF vulnerability to Stored XSS
Plugin name: WordPress Pagebar plugin
Vulnerable versions: <= 2.65
Fixed in: N/A
CVE ID: CVE-2022-1757
Classification: Cross Site Request Forgery (CSRF)
Publicly disclosed: 2022-06-15
Vulnerability Details
Arbitrary Settings Update via CSRF vulnerability to Stored XSS discovered by Daniel Ruf in WordPress Pagebar plugin (versions <= 2.65)
Solution
Deactivate and delete. This plugin has been closed as of June 14, 2022 and is not available for download. This closure is temporary, pending a full review.
Plugin Link: N/A