Unsafe Settings Update in WordPress Plug-in

CVE-2024-7862
Currently unrated 🤨

Key Information

Vendor
WordPress
Status
Blogintroduction-WordPress-plugin
CVE Published:
12 September 2024

Summary

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Affected Version(s)

blogintroduction-wordpress-plugin <= 0.3.0

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database

Credit

Daniel Ruf
WPScan