What the vulnerability does
Description
Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite twitch-tv-embed-suite allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through <= 2.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
The Twitch TV Embed Suite plugin contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of a logged-in user. An attacker can craft a malicious page that, when visited by a logged-in user, triggers unintended changes to the plugin's settings or configuration. According to the description above, the forged request can be used to store a cross-site scripting (XSS) payload. The vulnerability affects all versions up to and including 2.1.0 and requires user interaction to exploit.
What an attacker can do
Perform unwanted actions on the site (change settings, modify configuration) on behalf of a logged-in user.
Potential impact on your site
An attacker can trick your users into changing plugin settings or configuration without their knowledge.
Conditions required to exploit
A logged-in site user must visit an attacker-controlled page or click a malicious link.