6 matches found
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824
CVE-2024-3824 affects the WordPress plugin “Base64 Encoder/Decoder” up to version 0.9.2. The vulnerability arises from a missing CSRF check when resetting plugin settings, potentially allowing a logged-in attacker to trigger a CSRF reset on an admin. Public details consistently describe the issue...
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51b5eb3fcb26 Credits Bob Matyas...