Patreon: >> Patreon Wordpress >> 1.7.6 Security Vulnerabilities
Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress.This issue affects Patreon WordPress: from n/a through 1.8.6.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-11-18
The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVSS Score
5.5
EPSS Score
0.002
Published
2022-03-14