Lucene search
+L

4 matches found

NVD
NVD
added 2024/07/09 8:15 a.m.21 views

CVE-2024-6321

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

8.8CVSS0.00437EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/09 7:38 a.m.12 views

CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

8.8CVSS8.8AI score0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 7:38 a.m.24 views

CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

8.8CVSS0.00437EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.8 views

WordPress ScrollTo Bottom Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ScrollTo Bottom Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6321 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 5847554edd86 Credits István Márton Required...

8.8CVSS6.7AI score0.00437EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder