6 matches found
CVE-2024-13683
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...
CVE-2024-13683
creationtimestamp| type| source ---|---|--- 2025-01-24 08:03:57+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2883 2025-01-24 09:23:03+00:00| seen| https://t.me/cvedetector/16252...
CVE-2024-13683
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...
CVE-2024-13683
CVE-2024-13683 – Automate Hub Free by Sperse.IO (WordPress) Impact: Cross-Site Request Forgery (CSRF) on the Automate Hub page could allow unauthenticated attackers to update an activation status if a site administrator is tricked into performing an action. Root cause: missing or incorrect nonce ...
CVE-2024-13683 Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...
CVE-2024-13683 Automate Hub Free by Sperse.IO <= 1.7.0 - Cross-Site Request Forgery to Activation Status Update
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the 'automatehub' page. This makes it possible for unauthenticated attackers to update an...