5 matches found
CVE-2024-13315
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...
CVE-2024-13315
creationtimestamp| type| source ---|---|--- 2025-02-18 06:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ligmcsy5wg2t 2025-02-18 08:00:35+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4751 2025-02-18 08:48:31+00:00| seen|...
CVE-2024-13315
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...
CVE-2024-13315 Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...
CVE-2024-13315
CVE-2024-13315 affects the Shopwarden plugin for WordPress (≤1.0.11). The issue is Cross-Site Forgery via missing nonce validation in save_setting(), enabling unauthenticated attackers to update arbitrary options and potentially escalate privileges by tricking an admin into performing actions. CV...