wpvulndb: WPVDB-ID:4BF564B1-41C3-42D3-83FF-B51E8CF11537
History: Feb 23, 2024 - 12:00 a.m.

Colibri Page Builder < 1.0.260 - Arbitrary Shortcode Call via CSRF

2024-02-23 00:00:00
wpscan.com
10
colibri page builder
wordpress
cross-site request forgery
nonce validation
arbitrary shortcodes

AI Score: 7.3 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description: The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This allows unauthenticated attackers to execute arbitrary shortcodes via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CPE | Name | Operator | Version
 | | eq | 1.0.260
