CVE-2024-3823

LOW Year: 2024
CVSS v3 Score
2.4
Low
Weakness Type
CWE-352
View all →

Vulnerability Description

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

Related Vulnerabilities

CVE-2020-18463

LOW
CVSS:2.4(Low)

Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.

CWE-3522020

CVE-2024-29338

LOW
CVSS:2.4(Low)

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.

CWE-3522024

CVE-2024-3629

LOW
CVSS:2.4(Low)

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CWE-3522024

CVE-2024-30252

LOW
CVSS:2.6(Low)

Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the...

CWE-3522024

CVE-2024-4128

LOW
CVSS:2.6(Low)

This vulnerability was a potential CSRF attack. When running the Firebase emulator suite, there is an export endpoint that is used normally to export data from running emulators. If a user was running...

CWE-3522024

CVE-2024-40455

LOW
CVSS:2.7(Low)

An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request.

CWE-3522024