3 matches found
CVE-2021-24780
creationtimestamp| type| source ---|---|--- 2021-12-13 14:25:50+00:00| seen| https://t.me/cibsecurity/33823...
CVE-2021-24780 Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...
CVE-2021-24780
The CVE-2021-24780 entries describe a CSRF vulnerability in the WordPress plugin “Single Post Exporter” versions up to 1.1.1, where saving settings lacks CSRF checks. Root cause: missing CSRF validation in the settings update function, which can let an authenticated attacker change settings and g...