2 matches found
CVE-2024-8490 PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details
The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'saveaccountdetails' function. This makes it possible for unauthenticated attackers to edit the name, email...
WordPress PropertyHive Plugin <= 2.0.19 is vulnerable to Cross Site Request Forgery (CSRF)
Software PropertyHive Type Plugin Vulnerable versions = 2.0.19 Fixed in 2.0.20 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8490 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID d53c1264ba06 Credits wesley wcraft Require...