Lucene search
Bob MatyasWPVDB-ID:5B84145B-F94E-4EA7-84D5-56CF776817A2HistoryMar 25, 2024 - 12:00 a.m.
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
2024-03-2500:00:00
Bob Matyas
wpscan.com
4
advance search
csrf
shortcodes
security
attack
logged in users
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
PoC
Make a logged in admin open the following HTML (replace __FORM_ID__ with a valid ID): The security field isn’t validated and the shortcode is deleted.
Related
cvelist
cvelist
CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
2024-04-15 05:00:05
wpexploit
wpexploit
Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
2024-03-25 00:00:00
cve
cve
CVE-2024-2739
2024-04-15 05:15:15
nvd
nvd
CVE-2024-2739
2024-04-15 05:15:15
vulnrichment
vulnrichment
CVE-2024-2739 Advance Search <= 1.1.6 - Shortcode Deletion via CSRF
2024-04-15 05:00:05
wordfence
wordfence
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:5B84145B-F94E-4EA7-84D5-56CF776817A2