CVE-2024-8090

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

15/05/2025

Last modified:

16/05/2025

Description

The JavaScript Logic WordPress plugin through 0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

Impact

References to Advisories, Solutions, and Tools

https://wpscan.com/vulnerability/c9dcd450-e8ed-4058-b002-20fb3b879ee0/