exploitDog

GHSA-c8jp-pc3c-h742

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

Ссылки

EPSS

Процентиль: 34%

0.0014

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-24735

CVSS3: 6.5

nvd

больше 4 лет назад

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack.

EPSS

Процентиль: 34%

0.0014

Низкий

CVE ID

Дефекты

CWE-352