Description

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

PUBLISHED Reserved 2024-05-03 | Published 2024-06-21 | Updated 2024-08-01 | Assigner WPScan

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
affected

Any version
affected

Credits

Bob Matyas finder

WPScan coordinator

References

wpscan.com/...rability/71954c60-6a5b-4cac-9920-6d9b787ead9c/ exploit vdb-entry technical-description

cve.org (CVE-2024-4474)

nvd.nist.gov (CVE-2024-4474)