3 matches found
WordPress WP eStore Plugin < 8.5.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP eStore Type Plugin Vulnerable versions 8.5.6 Fixed in 8.5.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6136 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cbacff106a90 Credits Bob Matyas Required privileg...
CVE-2024-6136
The CVE-2024-6136 entry concerns wp-cart-for-digital-products for WordPress (pre-8.5.6) lacking CSRF checks in certain areas, potentially enabling a logged-in attacker to cause unintended actions via CSRF. Public advisories from connected sources confirm the issue and note the impact is a CSRF vu...
CVE-2024-6136 WP eStore < 8.5.6 - Settings Reset via CSRF
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...