Critical Vulnerability Information

Description
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Affected Plugin: Custom Author Base <= 1.1.1
Issue: The plugin does not perform a CSRF check when its settings are updated. An attacker who can get a logged-in administrator to submit a crafted request can therefore change the plugin's settings on that administrator's behalf.

Vulnerability Details
CVE ID: CVE-2024-8050
Classification:
- OWASP Top 10: A2: Broken Authentication and Session Management
- CWE: CWE-352
- CVSS Score: 4.3 (Medium)

Timeline
Public Release Date: 2024-07-11
Added Date: 2024-09-13
Last Updated Date: 2024-09-13

Additional Information
Original Researcher: Daniel Ruf
Submitter Website: https://magos-securitas.com/
Verification Status: Verified
WPVDB ID: 28c9c127-464a-4750-8b62-a9b90b01f1af

References
Related Vulnerabilities:
- Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF
- Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
- Quick Subscribe <= 1.71 - Arbitrary Settings Update via CSRF to Stored XSS
- ReDi Restaurant Reservation < 24.0303 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()
- Buddypress Humanity <= 1.2 - Cross-Site Request Forgery to Privilege Escalation