Basic Information
CVSS Score: -
CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| wpglobus/wpglobus | composer | <= 1.9.6 | 1.9.7 |
The vulnerability stems from two related weaknesses. 1) Improper sanitization of user-controlled input in the 'wpglobus_option' settings array (specifically parameters such as post_type[page]), which allows stored XSS; this points to missing or inadequate sanitization in the plugin's options-handling code. 2) Absence of CSRF protection (no nonce check) in the settings update workflow, as demonstrated by the working CSRF proof of concept. The advisory does not name the exact functions or file paths, but common WordPress plugin patterns indicate that both issues would sit in the plugin's settings sanitization callback and its form submission handler.
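The defensive pattern described above, as an added illustration that is not WPGlobus code: a WordPress settings handler that registers `wpglobus_option` with a sanitize callback covering nested keys such as `post_type[page]`, and a submission handler that verifies a nonce and a capability before saving. All `example_*` names, the settings group and the nonce action are assumptions.

```php
<?php
// Added illustrative example, not the plugin's own code. Function, group
// and nonce names prefixed example_ are hypothetical.

add_action( 'admin_init', 'example_register_wpglobus_option' );

function example_register_wpglobus_option() {
    // The sanitize_callback runs before any Settings API write of
    // 'wpglobus_option', so unsanitized markup never reaches the database
    // (the stored XSS sink the advisory describes).
    register_setting( 'example_wpglobus_group', 'wpglobus_option', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_sanitize_wpglobus_option',
    ) );
}

function example_sanitize_wpglobus_option( $input ) {
    if ( ! is_array( $input ) ) {
        return array();
    }
    $clean = array();
    foreach ( $input as $key => $value ) {
        // sanitize_key() restricts keys (e.g. 'post_type', 'page') to [a-z0-9_-].
        $key = sanitize_key( (string) $key );
        if ( is_array( $value ) ) {
            // Recurse so nested entries like post_type[page] are covered too.
            $clean[ $key ] = example_sanitize_wpglobus_option( $value );
        } else {
            // sanitize_text_field() strips tags and invalid bytes from scalars.
            $clean[ $key ] = sanitize_text_field( (string) $value );
        }
    }
    return $clean;
}

// Handler for a custom admin-post submission path (outside the Settings API).
function example_handle_settings_post() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // check_admin_referer() aborts unless the request carries a valid nonce
    // for this action, which blocks a forged cross-site POST.
    check_admin_referer( 'example_wpglobus_save', 'example_wpglobus_nonce' );
    $raw = isset( $_POST['wpglobus_option'] ) ? wp_unslash( $_POST['wpglobus_option'] ) : array();
    update_option( 'wpglobus_option', example_sanitize_wpglobus_option( $raw ) );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
add_action( 'admin_post_example_wpglobus_save', 'example_handle_settings_post' );
```

The matching form must emit `wp_nonce_field( 'example_wpglobus_save', 'example_wpglobus_nonce' )`, and stored values should still be escaped on output with `esc_html()` or `esc_attr()`, since input sanitization alone is not a complete XSS defence.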