Cross-Site Request Forgery in GamiPress WordPress Plugin Could Compromise Admin Settings
CVE-2024-8245
What is CVE-2024-8245?
The GamiPress WordPress plugin prior to version 1.0.1 does not perform a Cross-Site Request Forgery (CSRF) check when updating plugin settings. Because the request is only gated on the victim's session, an attacker can craft a page that causes a logged-in administrator's browser to submit the settings update, changing the plugin's configuration without the administrator intending it. Validating a CSRF token (in WordPress, a nonce bound to the action and the current user) on every state-changing request is the standard safeguard for the integrity of administrative actions.
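The following is an added illustration, not code from GamiPress or the advisory: a hypothetical WordPress settings handler in the vulnerable shape described above (capability check only) next to a hardened version that verifies a nonce before writing the option. The option name, form field, nonce action and hook names are invented for the example.

```php
<?php
// Added example, not GamiPress code. Assumed (invented) names:
// option 'myplugin_settings', POST field 'myplugin_points_label',
// nonce action 'myplugin_save_settings', nonce field '_myplugin_nonce'.

// Vulnerable shape: only a capability check. A cross-site POST triggered
// from a page the admin visits passes it, because the browser attaches
// the admin's login cookies automatically.
function myplugin_save_settings_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    $settings = array(
        'points_label' => sanitize_text_field( wp_unslash( $_POST['myplugin_points_label'] ?? '' ) ),
    );
    update_option( 'myplugin_settings', $settings );
}

// Hardened: the request must carry a nonce bound to this action and to the
// current user; a forged cross-site request cannot know it.
function myplugin_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // check_admin_referer() verifies the nonce field and stops with an error if it is missing or invalid.
    check_admin_referer( 'myplugin_save_settings', '_myplugin_nonce' );
    $settings = array(
        'points_label' => sanitize_text_field( wp_unslash( $_POST['myplugin_points_label'] ?? '' ) ),
    );
    update_option( 'myplugin_settings', $settings );
    wp_safe_redirect( admin_url( 'options-general.php?page=myplugin&updated=1' ) );
    exit;
}

// The legitimate settings form must emit the nonce so real submissions pass the check.
function myplugin_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save_settings">
        <?php wp_nonce_field( 'myplugin_save_settings', '_myplugin_nonce' ); ?>
        <input type="text" name="myplugin_points_label" value="">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Route the admin-post action to the hardened handler.
add_action( 'admin_post_myplugin_save_settings', 'myplugin_save_settings_hardened' );
```

When reviewing a plugin for this class of bug, look for every `update_option()` or similar write reached from a request handler and confirm a `check_admin_referer()` / `wp_verify_nonce()` call precedes it.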
Affected Version(s)
GamiPress, all versions before 1.0.1 (0 ≤ version < 1.0.1)
Exploit Proof of Concept (PoC)
Proof-of-concept (PoC) code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
References
CVSS V3.1
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability reserved