wpvulndb (WPScan) | Bob Matyas | WPVDB-ID: C1F6ED2C-0F84-4B13-B39E-5CB91443C2B1
History: Apr 24, 2024 - 12:00 a.m.

HL Twitter <= 2014.1.18 - Settings Update via CSRF

Published: 2024-04-24 00:00:00
Author: Bob Matyas
Source: wpscan.com
Tags: csrf attack, settings update, admin, plugin vulnerability

AI Score: 6.3 (Confidence: High) | EPSS: 0 | Percentile: 9.0%

Description: The plugin does not perform a CSRF check (no nonce verification) when updating its settings. An attacker who gets a logged-in administrator to open an attacker-controlled page can therefore submit a forged request that changes the plugin's settings in that admin's name, because the browser attaches the admin's session cookies to the cross-site request. The attack requires no action from the admin beyond visiting the page while authenticated.
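To make the missing check concrete, here is an added illustration (not HL Twitter's code, nor the WPScan PoC) of a generic WordPress settings handler in the vulnerable shape the advisory describes, next to a hardened version. The option name `example_api_key`, the `admin_post_*` action names and the nonce field name are hypothetical; the WordPress functions used are the standard ones.

```php
<?php
// Added illustration, not HL Twitter's code: a generic WordPress settings
// handler in the vulnerable shape described above, next to a hardened version.
// Option name, action names and form field names are hypothetical.

// VULNERABLE: trusts any POST that reaches the handler. A logged-in admin who
// loads an attacker page containing an auto-submitting form pointed here will
// update the option, because the browser sends the admin's cookies and nothing
// ties the request to a form the site itself rendered.
function example_save_settings_vulnerable() {
    if ( isset( $_POST['example_api_key'] ) ) {
        update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['example_api_key'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_save_settings_vulnerable' );

// FIXED: the form carries a nonce bound to the action and to the logged-in
// user; the handler rejects requests without a valid one and re-checks the
// capability, so authorisation does not rest on the menu merely being hidden.
function example_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_settings_fixed">
        <?php wp_nonce_field( 'example_save_settings', '_example_nonce' ); ?>
        <label>API key
            <input type="text" name="example_api_key"
                   value="<?php echo esc_attr( get_option( 'example_api_key', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function example_save_settings_fixed() {
    // Dies with "The link you followed has expired." when the nonce is missing,
    // stale, or was issued to a different user or for a different action.
    check_admin_referer( 'example_save_settings', '_example_nonce' );

    // Nonce proves intent, not privilege: still check the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    if ( isset( $_POST['example_api_key'] ) ) {
        update_option( 'example_api_key', sanitize_text_field( wp_unslash( $_POST['example_api_key'] ) ) );
    }
    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_save_settings_fixed', 'example_save_settings_fixed' );
```

When auditing a plugin for this class of bug, look for handlers that read `$_POST`/`$_REQUEST` and call `update_option()` without a preceding `check_admin_referer()` or `wp_verify_nonce()`. Settings saved through the Settings API (`settings_fields()` in the form, `register_setting()` and `options.php` on the server) get a nonce automatically; it is the hand-rolled handlers, as above, that tend to miss it.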

PoC

Have a logged-in admin open an HTML page containing:
