WP VR – 360 Panorama and Virtual Tour Builder For WordPress, CVE-2023-6529
- CVE, Research URL
- Home page URL
-
Security reports for WP VR – 360 Panorama and Virtual Tour Builder For WordPress
- Published on
- Jan 09, 2024
- Research Description
- The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities.
- Affected versions
-
Min -, max 8.3.15.
- Status
-
vulnerable