Unsafe Settings Update in WordPress Plug-in
CVE-2024-7862
Currently unrated 🤨
Key Information
- Vendor
- WordPress
- Status
- Blogintroduction-WordPress-plugin
- Vendor
- CVE Published:
- 12 September 2024
Summary
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected Version(s)
blogintroduction-wordpress-plugin <= 0.3.0
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Daniel Ruf
WPScan