5 matches found
WordPress News Wall plugin <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin News Wall versions = 1.1.0...
WordPress News Wall Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software News Wall Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2970 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 532cc4a5abb6 Credits Benedictus Jovan Required...
CVE-2024-2970 News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update
The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwapnewslistpage function. This makes it possible for unauthenticated attackers to update the plugin's settings a...
WordPress Plugin News Wall 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...
PT-2024-22964 · WordPress · The News Wall
Name of the Vulnerable Software and Affected Versions: The News Wall plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is due to missing or incorrect nonce validation on the nwap newslist page function, making it possible for unauthenticated attackers to update the...