3 matches found
WordPress DN Popup Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software DN Popup Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7690 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a751fbd5d5e4 Credits Bob Matyas Required privilege...
CVE-2024-7690
creationtimestamp| type| source ---|---|--- 2024-09-02 12:12:18+00:00| seen| https://t.me/cvedetector/4609...
CVE-2024-7690 DN Popup <= 1.2.2 - Settings Update via CSRF
The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...