4 matches found
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...
WordPress File Manager Plugin <= 7.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software File Manager Type Plugin Vulnerable versions = 7.2.4 Fixed in 7.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1538 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8e5b8ea35374 Credits 0xBishop Required...
$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin
🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza...