3 matches found
CVE-2024-9990
CVE-2024-9990 describes a CSRF-to-authentication-bypass vulnerability in the WordPress Crypto plugin (versions
CVE-2024-9990 Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'cryptoconnectajaxprocess::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
WordPress Crypto Plugin <= 2.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software Crypto Type Plugin Vulnerable versions = 2.15 Fixed in 2.16 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-9990 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 9ea8df5f4b5b Credits István Márton Required privileg...