CVE-2024-39680 in Cooked Pluginthông tin

Tóm tắt

Bởi MITRE • 18/07/2024

Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

chịu trách nhiệm

GitHub M

Đặt trước

27/06/2024

Tiết lộ

18/07/2024

Kiểm duyệt

được chấp nhận

EPSS

0.00334

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to stay up to date on a daily basis?

Enable the mail alert feature now!