Boletines de Vulnerabilidades

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Use Any Font

Información sobre el sistema
   
Software afectado Wordpress

Descripción
https://www.pluginvulnerabilities.com/2017/10/20/vulnerability-details-cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-use-any-font/Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems like they are aware that they could notify the developer of these, but usually haven’t been doing it. One of the more recent batch was a cross-site request forgery (CSRF) vulnerability in the plugin

More info:

https://www.pluginvulnerabilities.com/2017/10/20/vulnerability-details-cross-site-request-forgery-csrfcross-site-scripting-xss-vulnerability-in-use-any-font/

Identificadores estándar
Propiedad Valor
CVE

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2017-10-21

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT