Lucene search
Bob MatyasWPVDB-ID:5DEC5719-105D-4989-A97F-BDA04D223322HistoryMay 24, 2024 - 12:00 a.m.
Similarity <= 3.0 - Plugin Reset via CSRF
2024-05-2400:00:00
Bob Matyas
wpscan.com
6
plugin
reset
vulnerability
csrf
attack
admin
settings
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
PoC
Make a logged in admin open an HTML file containing:
Related
vulnrichment
vulnrichment
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
2024-06-14 06:00:03
cve
cve
CVE-2024-3971
2024-06-14 06:15:12
nvd
nvd
CVE-2024-3971
2024-06-14 06:15:12
wpexploit
wpexploit
Similarity <= 3.0 - Plugin Reset via CSRF
2024-05-24 00:00:00
cvelist
cvelist
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF
2024-06-14 06:00:03
wordfence
wordfence
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
17.5%
Related for WPVDB-ID:5DEC5719-105D-4989-A97F-BDA04D223322