The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
History

Mon, 07 Oct 2024 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Vladyslavbondarenko
Vladyslavbondarenko adstxt
Weaknesses CWE-352
CPEs cpe:2.3:a:vladyslavbondarenko:adstxt:*:*:*:*:*:wordpress:*:*
Vendors & Products Vladyslavbondarenko
Vladyslavbondarenko adstxt

Wed, 25 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Vladyslav Bondarenko
Vladyslav Bondarenko adstxt
CPEs cpe:2.3:a:vladyslav_bondarenko:adstxt:*:*:*:*:*:*:*:*
Vendors & Products Vladyslav Bondarenko
Vladyslav Bondarenko adstxt
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 06:15:00 +0000

Type Values Removed Values Added
Description The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Title adstxt Plugin <= 1.0.0 - Settings Update via CSRF
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-25T06:00:05.692Z

Updated: 2024-09-25T13:31:04.684Z

Reserved: 2024-08-16T18:00:05.869Z

Link: CVE-2024-7892

cve-icon Vulnrichment

Updated: 2024-09-25T13:29:23.621Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T06:15:05.720

Modified: 2024-10-07T17:26:49.607

Link: CVE-2024-7892

cve-icon Redhat

No data.