Lucene search
K

4 matches found

OSV
OSV
added 2024/03/21 4:15 a.m.3 views

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

8.8CVSS7.1AI score0.10651EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/21 3:32 a.m.12 views

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

8.8CVSS6.3AI score0.10651EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/03/21 12:0 a.m.10 views

WordPress File Manager Plugin <= 7.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software File Manager Type Plugin Vulnerable versions = 7.2.4 Fixed in 7.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1538 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8e5b8ea35374 Credits 0xBishop Required...

8.8CVSS7AI score0.10651EPSS
Exploits0References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2024/03/20 3:0 p.m.20 views

$601 Bounty Awarded for Interesting Cross-Site Request Forgery to Local JS File Inclusion Vulnerability Patched in File Manager WordPress Plugin

🎉 Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! On February 15th, 2024, during our second Bug Bounty Extravaganza...

6.8CVSS7.7AI score0.10651EPSS
Exploits0
Rows per page
Query Builder