3 matches found
CVE-2024-13749
The StaffList plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing or incorrect nonce validation on the 'stafflist' page. This makes it possible for unauthenticated attackers to update settings and inject malicious we...
CVE-2024-13749
creationtimestamp| type| source ---|---|--- 2025-02-12 03:39:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113988831762369780 2025-02-12 04:16:59+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxcvajagd2a 2025-02-12 05:06:45+00:00|...
CVE-2024-13749
CVE-2024-13749 affects the WordPress StaffList plugin up to version 3.2.3. It is a CSRF on the stafflist page caused by missing nonce validation, enabling unauthenticated actors to update settings and inject scripts via forged requests when a site admin executes an action (e.g., clicking a link)....