4 matches found
CVE-2024-6321
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...
CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...
CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload
The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...
WordPress ScrollTo Bottom Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software ScrollTo Bottom Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6321 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 5847554edd86 Credits István Márton Required...