CSRF Flaw in WordPress Plugin Could Allow Attackers to Trick Admin into Making Unintended Actions

CVE-2024-6230

Currently unrated 🤨

Key Information

Vendor: WordPress
Status: پلاگین پرداخت دلخواه
Vendor: CVE Published:; 30 July 2024

Summary

The ?????? ?????? ?????? WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Affected Version(s)

پلاگین پرداخت دلخواه <= 2.9.8

Timeline

Vulnerability published.
Jul 30, 2024
Vulnerability Reserved.
Jun 20, 2024

Collectors

NVD DatabaseMitre Database

Credit

Bob Matyas

WPScan