https://www.pluginvulnerabilities.com/2017/06/01/cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-companion-auto-update/

We recently found that the plugin Companion Auto Update contained a cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability in the plugin’s settings.

The CSRF portion is caused by two omissions: no nonce is included with the request to change the plugin’s settings, and there is no check that a valid one is included when the settings are saved.
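The two pieces named above (a nonce sent with the settings request, and a check for it on save) look like this in a WordPress plugin. This is an added example, not code from Companion Auto Update; the `example_*` function, option, action and field names are hypothetical, and it is written as a plugin file that runs inside WordPress.

```php
<?php
// Added example: hypothetical settings page, not Companion Auto Update's code.
// Every "example_*" name below is made up for illustration.

add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options',
        'example_settings', 'example_render_settings_page' );
} );

// Part 1: the form carries a nonce. wp_nonce_field() emits a hidden field
// bound to the logged-in user and the action string, so a page on another
// site cannot build a request that contains a valid value.
function example_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $email = get_option( 'example_settings_email', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="text" name="email" value="<?php echo esc_attr( $email ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Part 2: the save handler verifies the nonce before changing anything.
// check_admin_referer() stops the request when the field is missing or invalid.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // Only reached for a same-user, same-action request; sanitize, then store.
    $email = isset( $_POST['email'] )
        ? sanitize_email( wp_unslash( $_POST['email'] ) )
        : '';
    update_option( 'example_settings_email', $email );

    wp_safe_redirect( admin_url( 'options-general.php?page=example_settings' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```

Leaving out either part reproduces the condition described above: a form without the nonce field cannot pass the check, and a handler without the check accepts a forged request no matter what the form contains.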

For the XSS portion,
