4 matches found
CVE-2024-11640
creationtimestamp| type| source ---|---|--- 2025-03-08 11:36:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6943 2025-03-08 13:48:53+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114127125396045176 2025-03-08 15:11:24+00:00| seen| https://t.me/cvedetector/19904 2025-03-...
CVE-2024-11640 VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change...
CVE-2024-11640 VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change...
CVE-2024-11640
The VikRentCar Car Rental Management System WordPress plugin (versions up to 1.4.2) is affected by a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation on the save function. This enables unauthenticated attackers to manipulate plugin access via forged requests that trick ...