3 matches found
CVE-2024-13852
creationtimestamp| type| source ---|---|--- 2025-02-18 05:17:08+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ligj2dh4de2y 2025-02-18 06:11:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ligm2xauad2m 2025-02-18 06:48:59+00:00| seen|...
CVE-2024-13852
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...
CVE-2024-13852 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...