9 matches found
CVE-2024-7817
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...
CVE-2024-7817
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...
CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF
The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...
PT-2024-38604 · WordPress · Misiek Photo Album
Name of the Vulnerable Software and Affected Versions: Misiek Photo Album WordPress plugin versions 1.4.3 and earlier Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users delete arbitrary albums via a CSRF attack. This...
U.S. Dept Of Defense: CSRF Attack leads to delete album at ████████
The report describes a CSRF vulnerability in the DoD asset ███████, specifically in the feature to create albums for a media collection. The vulnerability allows an attacker to delete a victim's album without the victim's consent, as the delete request is based on GET and lacks CSRF verification...
WordPress Misiek Photo Album plugin <= 1.4.3 - Album Deletion via CSRF vulnerability
Album Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Misiek Photo Album versions = 1.4.3...
U.S. Dept Of Defense: CSRF Attack leads to delete album at
The CSRF vulnerability was discovered in the media gallery feature of the DoD asset www.████████. The vulnerability allowed an attacker to delete albums without CSRF verification, as the delete request was based on a GET request. This could have led to the deletion of users' albums...
Cross-Site Request Forgery (CSRF) in admidio/admidio
✍️ Description Attacker able to delete any album of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...
CVE-2005-1947
Cross-site request forgery CSRF vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the 1 albums or 2 delimg actions...