exploitDog

GHSA-qgc3-2f6v-85jf

Опубликовано: 09 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

Ссылки

EPSS

Процентиль: 10%

0.00035

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-6860

CVSS3: 4.3

nvd

10 месяцев назад

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

EPSS

Процентиль: 10%

0.00035

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352