The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
References
Configurations
History
21 Nov 2024, 08:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/71c616ff-0a7e-4f6d-950b-79c469a28263 - Exploit |
24 Nov 2023, 19:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 19:15
Updated : 2024-11-21 08:36
NVD link : CVE-2023-4824
Mitre link : CVE-2023-4824
CVE.ORG link : CVE-2023-4824
JSON object : View
Products Affected
bdaia
- woohoo_newspaper_magazine_theme
CWE
CWE-352
Cross-Site Request Forgery (CSRF)