CVE-2024-7862

State: PUBLISHED · Published: 2024-09-12 · Updated: 2024-09-12 · Assigner: WPScan

Description

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CWE

CWE-352 — CWE-352 Cross-Site Request Forgery (CSRF)

Affected

Unknown / blogintroduction-wordpress-plugin — v=0 ≤0.3.0 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/9b54cd05-3bb8-4bb9-a0e4-fb00d97d5cae/ exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2024/7xxx/CVE-2024-7862.json