mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
844 B
844 B
CVE-2024-2429
&color=brighgreen)
Description
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
POC
Reference
- https://wpscan.com/vulnerability/1c6812d8-a218-4c15-9e2d-d43f3f3b0e78/
- https://wpscan.com/vulnerability/1c6812d8-a218-4c15-9e2d-d43f3f3b0e78/