The WordPress 360 Javascript Viewer plugin exposes nonces, allowing unauthorized data modification by authenticated attackers
Reporter | Title | Published | Views | Family All 6 |
---|---|---|---|---|
WPVulnDB | 360 Javascript Viewer < 1.7.13 - Missing Authorization to Plugin Settings Update | 21 Mar 202400:00 | – | wpvulndb |
CVE | CVE-2024-1637 | 9 Apr 202419:15 | – | cve |
NVD | CVE-2024-1637 | 9 Apr 202419:15 | – | nvd |
Patchstack | WordPress 360 Javascript Viewer Plugin <= 1.7.12 is vulnerable to Broken Access Control | 22 Mar 202400:00 | – | patchstack |
Vulnrichment | CVE-2024-1637 | 9 Apr 202418:58 | – | vulnrichment |
Wordfence Blog | Wordfence Intelligence Weekly WordPress Vulnerability Report (March 18, 2024 to March 24, 2024) | 28 Mar 202415:35 | – | wordfence |
[
{
"vendor": "jtermaat",
"product": "360 Javascript Viewer",
"versions": [
{
"version": "*",
"status": "affected",
"lessThanOrEqual": "1.7.12",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo