Lucene search
Bob MatyasWPVDB-ID:BB0245E5-8E94-4F11-9003-D6208945056CHistoryApr 19, 2024 - 12:00 a.m.
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-04-1900:00:00
Bob Matyas
wpscan.com
6
recaptcha jetpack
csrf
settings update
security vulnerability
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
PoC
Have an admin open an HTML page containing:
Related
cve
cve
CVE-2024-3940
2024-05-14 15:42:36
nvd
nvd
CVE-2024-3940
2024-05-14 15:42:36
wpexploit
wpexploit
reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-04-19 00:00:00
cvelist
cvelist
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-05-10 06:00:02
vulnrichment
vulnrichment
CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
2024-05-10 06:00:02
wordfence
wordfence
6.3 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.0%
Related for WPVDB-ID:BB0245E5-8E94-4F11-9003-D6208945056C