wpvulndb
WPVDB-ID:7802A689-FF76-45BB-AFCB-3FBFD8204CCC
Feb 05, 2024 - 12:00 a.m.

Setka Editor <= 2.1.20 - Cross-Site Request Forgery via handleRequest

2024-02-05 00:00:00
wpscan.com
wordpress
cross-site request forgery
unauthenticated attackers

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

Description

The Setka Editor plugin for WordPress ("A no-code page builder for beautiful performance-based content") is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.20. This is due to missing or incorrect nonce validation on the 'handleRequest' function. This makes it possible for unauthenticated attackers to dismiss admin notices via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
