Lucene search
CVE-2024-3823
Base64 Encoder/Decoder WordPress plugin vulnerabilities
Show more
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS) | 15 May 202400:00 | – | patchstack |
 | CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF | 15 May 202406:00 | – | vulnrichment |
 | CVE-2024-3823 | 15 May 202406:15 | – | nvd |
 | CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF | 15 May 202406:00 | – | cvelist |
 | Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF | 24 Apr 202400:00 | – | wpexploit |
 | Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF | 24 Apr 202400:00 | – | wpvulndb |
 | Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024) | 2 May 202414:49 | – | wordfence |
Node
base64_encoder\/decoderRange≤0.9.2wordpress
[
{
"vendor": "Unknown",
"product": "Base64 Encoder/Decoder",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.9.2"
}
],
"defaultStatus": "affected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| b64_button_text | request body | /wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php | The endpoint is vulnerable to CSRF attacks allowing stored XSS payloads to be submitted by an authenticated admin user. | CWE-352, CWE-79 |
| b64_wordwrap | request body | /wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php | The endpoint is vulnerable to CSRF attacks allowing stored XSS payloads to be submitted by an authenticated admin user. | CWE-352, CWE-79 |
| b64_format | request body | /wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php | The endpoint is vulnerable to CSRF attacks allowing stored XSS payloads to be submitted by an authenticated admin user. | CWE-352, CWE-79 |
| update | request body | /wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php | The endpoint is vulnerable to CSRF attacks allowing stored XSS payloads to be submitted by an authenticated admin user. | CWE-352, CWE-79 |
| enter | request body | /wp-admin/options-general.php?page=base64-encoderdecoder%2fbase64-encoderdecoder.php | The endpoint is vulnerable to CSRF attacks allowing stored XSS payloads to be submitted by an authenticated admin user. | CWE-352, CWE-79 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo15 May 2024 06:15Current
5.7Medium risk
Vulners AI Score5.7
EPSS0.00083
SSVC