2 matches found
CVE-2024-7850
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...
WordPress BP Profile Search Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software BP Profile Search Type Plugin Vulnerable versions = 5.7.5 Fixed in 5.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7850 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c231ea7c4aad Credits vgo0 Required...