3 matches found
CVE-2024-4969 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack...
CVE-2024-4969 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack...
WordPress Widget Bundle Plugin <= 2.0.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Widget Bundle Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4969 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4d33e296cc6c Credits Bob Matyas Required...