PT-2024-38606 · WordPress · Ilc Thickbox
Daniel Ruf
·
Published
2024-09-11
·
Updated
2024-09-27
·
CVE-2024-7820
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ILC Thickbox WordPress plugin version 1.0
Description
The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Recommendations
For ILC Thickbox WordPress plugin version 1.0, consider disabling the settings update functionality until a patch is available to prevent potential CSRF attacks. Restrict access to the plugin's settings to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ilc Thickbox