CVE-2024-3823

CVE-2024-3823 affects the WordPress plugin Base64 Encoder/Decoder (versions ≤ 0.9.2). The underlying issue is lack of CSRF protection when updating settings, combined with insufficient sanitization and escaping. This could allow a logged-in attacker to trigger a CSRF that enables Stored XSS paylo...

Cross site request forgery (csrf)

The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin...