2 matches found
WordPress ImagePress Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software ImagePress Type Plugin Vulnerable versions = 1.2.2 Fixed in 1.3.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9778 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 64726d176639 Credits Michelle Porter Required...
CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...