CVE-2024-6309

The Attachment File Icons AF Icons plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.3. This is due to missing nonce validation in the 'afioverview' function and missing file type validation in the 'uploadicons' function...

WordPress Attachment File Icons (AF Icons) plugin <= 1.3 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin Attachment File Icons versions = 1.3...

WordPress plugin Attachment File Icons security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Attachment File Icons Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Attachment File Icons Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6309 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID c3b98b264536 Credits István Márton...