Lucene search
Bob MatyasWPVDB-ID:5DEC5719-105D-4989-A97F-BDA04D223322HistoryMay 24, 2024 - 12:00 a.m.
Similarity <= 3.0 - Plugin Reset via CSRF
2024-05-2400:00:00
Bob Matyas
wpscan.com
2
plugin
reset
vulnerability
csrf
attack
admin
settings
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
PoC
Make a logged in admin open an HTML file containing:
Related
cvelist
cvelist
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
2024-06-14 06:00:03
vulnrichment
vulnrichment
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
2024-06-14 06:00:03
cve
cve
CVE-2024-3971
2024-06-14 06:15:12
wpexploit
wpexploit
Similarity <= 3.0 - Plugin Reset via CSRF
2024-05-24 00:00:00
nvd
nvd
CVE-2024-3971
2024-06-14 06:15:12
wordfence
wordfence
6.2 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:5DEC5719-105D-4989-A97F-BDA04D223322