← Back

Coru Lfmember

coru_lfmember

Vendor: Marcorulicke • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-1618
1Marcorulicke
1Coru Lfmember
Jun 17, 2026
Jan 16, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin ad...Show more
The Coru LFMember WordPress plugin through 1.0.2 does not have CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in their settings, allowing attacker to make a logged in admin add an arbitrary game with XSS payloadsShow less