CVE-2024-7689

CVSS v3 Score
4.7
Medium

Vulnerability Description

The Snapshot Backup WordPress plugin through 2.1.1 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

CVSS:4.7(Medium)

The Atlassian Application Links plugin is vulnerable to cross-site request forgery (CSRF). The following versions are affected: all versions prior to 5.4.21, from version 6.0.0 before version 6.0.12, ...

CVSS:4.7(Medium)

SAP Cloud Platform Integration for Data Services, version 1.0, allows user inputs to be reflected as error or warning messages. This could mislead the victim to follow malicious instructions inserted ...

CVSS:4.7(Medium)

SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/...

CVSS:4.7(Medium)

The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attac...

CVSS:4.7(Medium)

The Simple Membership WordPress plugin before 4.0.9 does not have a CSRF check when deleting members in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack.

CVSS:4.7(Medium)

The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation.