Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.9 views

CVE-2024-7817

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.5CVSS6.9AI score0.00225EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.7 views

CVE-2024-7817

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.26 views

CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

0.00225EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.7 views

PT-2024-38604 · WordPress · Misiek Photo Album

Name of the Vulnerable Software and Affected Versions: Misiek Photo Album WordPress plugin versions 1.4.3 and earlier Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users delete arbitrary albums via a CSRF attack. This...

6.5CVSS6.5AI score0.00225EPSS
Exploits1References7
Hacker One
Hacker One
added 2024/09/04 1:25 p.m.3 views

U.S. Dept Of Defense: CSRF Attack leads to delete album at ████████

The report describes a CSRF vulnerability in the DoD asset ███████, specifically in the feature to create albums for a media collection. The vulnerability allows an attacker to delete a victim's album without the victim's consent, as the delete request is based on GET and lacks CSRF verification...

7AI score
Exploits0
Patchstack
Patchstack
added 2024/08/27 1:37 a.m.5 views

WordPress Misiek Photo Album plugin <= 1.4.3 - Album Deletion via CSRF vulnerability

Album Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Misiek Photo Album versions = 1.4.3...

6.5CVSS7AI score0.00225EPSS
Exploits1References1Affected Software1
Hacker One
Hacker One
added 2024/08/12 3:0 p.m.10 views

U.S. Dept Of Defense: CSRF Attack leads to delete album at

The CSRF vulnerability was discovered in the media gallery feature of the DoD asset www.████████. The vulnerability allowed an attacker to delete albums without CSRF verification, as the delete request was based on a GET request. This could have led to the deletion of users' albums...

7AI score
Exploits0
Huntr
Huntr
added 2021/08/17 8:19 p.m.8 views

Cross-Site Request Forgery (CSRF) in admidio/admidio

✍️ Description Attacker able to delete any album of a user with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1AI score
Exploits0
NVD
NVD
added 2005/06/09 4:0 a.m.12 views

CVE-2005-1947

Cross-site request forgery CSRF vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the 1 albums or 2 delimg actions...

5CVSS4.8AI score0.00461EPSS
Exploits1References2
Rows per page
Query Builder