10 matches found
CVE-2024-0428
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
CVE-2024-0428
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
CVE-2024-0428
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
Cross site request forgery (csrf)
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
CVE-2024-0428 Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
CVE-2024-0428
CVE-2024-0428 concerns the WordPress plugin Index Now. A CSRF vulnerability exists in all versions up to 2.6.3 caused by missing or improper nonce validation in the reset_form function, enabling unauthenticated attackers to delete arbitrary site options via a forged request if a site admin is tri...
CVE-2024-0428 Index Now <= 2.6.3 - Cross-Site Request Forgery via reset_form
The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a...
WordPress plugin Index Now security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Index Now Plugin <= 2.6.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Index Now Type Plugin Vulnerable versions = 2.6.3 Fixed in 2.6.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0428 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 1df75eded923 Credits Francesco Carlucci Require...
Index Now < 2.6.4 - Cross-Site Request Forgery via reset_form
Description The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'resetform' function. This makes it possible for unauthenticated attackers to delete arbitrary site...