Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
Widget Bundle WordPress plugin
- through 2.0.0
Source
contact@wpscan.com
Tags
CVE-2024-4969 details
Published : June 21, 2024, 6:15 a.m.
Last Modified : June 21, 2024, 11:22 a.m.
Last Modified : June 21, 2024, 11:22 a.m.
Description
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF attack
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://wpscan.com/vulnerability/1a7ec5dc-eda4-4fed-9df9-f41d2b937fed/ | contact@wpscan.com |
This website uses the NVD API, but is not approved or certified by it.