Lucene search
WpvulndbWPVDB-ID:C5D26DAF-7DF1-4241-B2BE-9D06049E330AHistoryJan 05, 2024 - 12:00 a.m.
Thrive Automator < 1.17.1 - Cross-Site Request Forgery
2024-01-0500:00:00
wpscan.com
11
wordpress
cross-site request forgery
vulnerable version
nonce validation
factory reset
unauthenticated attackers
plugin settings
site administrator
Description The Thrive Automator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.17. This is due to missing or incorrect nonce validation on the factory_reset function. This makes it possible for unauthenticated attackers to reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 1.17.1 |
Related
cvelist
cvelist
nvd
nvd
CVE-2023-51531
2024-02-29 05:15:09
cve
cve
CVE-2023-51531
2024-02-29 05:15:09
prion
prion
Cross site request forgery (csrf)
2024-02-29 05:15:00
wordfence
wordfence
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for WPVDB-ID:C5D26DAF-7DF1-4241-B2BE-9D06049E330A