2 matches found
CVE-2024-8795
The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the myaccountupdate function. This makes it possible for unauthenticated attackers to update a user's accou...
WordPress BA Book Everything Plugin <= 1.6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software BA Book Everything Type Plugin Vulnerable versions = 1.6.20 Fixed in 1.6.21 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8795 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID ac1ae1bb0f23 Credits wesley wcraft...