5 matches found
WordPress GS Logo Slider plugin < 3.7.1 - Settings Update via Cross-Site Request Forgery vulnerability
Settings Update via Cross-Site Request Forgery vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin GS Logo Slider versions 3.7.1...
CVE-2024-9233
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-9233
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-9233 GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-9233
CVE-2024-9233 concerns the Logo Slider WordPress plugin, versions prior to 3.7.1. The public description and Red Hat/NVD entries confirm a lack of CSRF protection when updating plugin settings, potentially allowing a logged-in admin to be coerced into changing settings via CSRF. The vulnerability...