CVE-2024-7820

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-7820

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2024-7820

CVE-2024-7820 affects ILC Thickbox WordPress plugin (≤ 1.0). The issue is a CSRF protection bypass during settings updates, enabling a logged-in attacker to change settings via a CSRF attack. Root cause: absence of CSRF checks in the settings update path. Public details in connected sources confi...

CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

PT-2024-38606 · WordPress · Ilc Thickbox

Name of the Vulnerable Software and Affected Versions: ILC Thickbox WordPress plugin version 1.0 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For ILC...