The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Metrics
Affected Vendors & Products
References
History
Thu, 12 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Blogintroduction Wordpress Plugin
Blogintroduction Wordpress Plugin blogintroduction Wordpress Plugin |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:blogintroduction_wordpress_plugin:blogintroduction_wordpress_plugin:*:*:*:*:*:*:*:* | |
Vendors & Products |
Blogintroduction Wordpress Plugin
Blogintroduction Wordpress Plugin blogintroduction Wordpress Plugin |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |
Title | Blog Introduction <= 0.3.0 - Settings Update via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-12T06:00:06.592Z
Updated: 2024-09-12T13:23:00.960Z
Reserved: 2024-08-15T18:27:21.921Z
Link: CVE-2024-7862
Vulnrichment
Updated: 2024-09-12T13:22:46.469Z
NVD
Status : Awaiting Analysis
Published: 2024-09-12T06:15:25.003
Modified: 2024-09-12T14:35:21.530
Link: CVE-2024-7862
Redhat
No data.