5 matches found
CVE-2024-3629
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3629 HL Twitter <= 2014.1.18 - Settings Update via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3629
CVE-2024-3629 affects the HL Twitter WordPress plugin (versions up to 2014.1.18). The description confirms a lack of CSRF protection when updating plugin settings, enabling a logged-in attacker to induce a settings change via CSRF. The available connected documents do not provide a software patch...
WordPress HL Twitter Plugin <= 2014.1.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software HL Twitter Type Plugin Vulnerable versions = 2014.1.18 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3629 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 106b877d04b5 Credits Bob Matyas Required...