Lucene search
K

5 matches found

OSV
OSV
added 2024/05/15 6:15 a.m.4 views

CVE-2024-3629

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

2.4CVSS5.8AI score0.00204EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/05/15 6:0 a.m.27 views

CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.6AI score0.00204EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/15 6:0 a.m.14 views

CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.7AI score0.00204EPSS
Exploits2References1
CVE
CVE
added 2024/05/15 6:0 a.m.64 views

CVE-2024-3629

CVE-2024-3629 affects the HL Twitter WordPress plugin (versions up to 2014.1.18). The description confirms a lack of CSRF protection when updating plugin settings, enabling a logged-in attacker to induce a settings change via CSRF. The available connected documents do not provide a software patch...

2.4CVSS6.6AI score0.00204EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/05/15 12:0 a.m.9 views

WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Request Forgery (CSRF)

Software HL Twitter Type Plugin Vulnerable versions = 2014.1.18 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3629 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 106b877d04b5 Credits Bob Matyas Required...

2.4CVSS6.6AI score0.00204EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder