CVE-2024-1501

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via ...

CVE-2024-1501

The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the installwpr function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via ...

WordPress WP Database Reset Plugin <= 3.22 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Database Reset Type Plugin Vulnerable versions = 3.22 Fixed in 3.23 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1501 Patch priority Low CVSS severity Low 4.7 Developer WebFactory Ltd. PSID c53221c813e9 Credits Lucio Sá Required...

PT-2024-18096 · WordPress · Wp Database Reset

Name of the Vulnerable Software and Affected Versions: Database Reset plugin for WordPress versions up to, and including, 3.22 Description: The issue is due to missing or incorrect nonce validation on the install wpr function, making it possible for unauthenticated attackers to install the WP Res...