2 matches found
WordPress Digits Plugin <= 8.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Digits Type Plugin Vulnerable versions = 8.4.1 Fixed in 8.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-0203 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d69a9fce5806 Credits István Márton Required...
CVE-2024-0203
CVE-2024-0203 (Digits WordPress plugin) affects WordPress Digits up to version 8.4.1. The vulnerability is a Cross‑Site Request Forgery caused by missing nonce validation in the digits_save_settings function. This allows unauthenticated attackers to push forged requests that can change the defaul...