CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43337 – WordPress Brave plugin <= 0.7.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-43337
16 Aug 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.7.0. The Brave Popup Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.7.0. This is due to missing or incorrect nonce validation on the bravepop_ajax_zoho_init_token() function. This makes it possible for unauthenticated attackers to save an integration token via a forged request granted they can trick a site admini... • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-7-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30453 – WordPress Brave plugin <= 0.6.5 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30453
28 Mar 2024 — Server-Side Request Forgery (SSRF) vulnerability in Brave Brave Popup Builder.This issue affects Brave Popup Builder: from n/a through 0.6.5. Vulnerabilidad de Server-Side Request Forgery (SSRF) en Brave Brave Popup Builder. Este problema afecta a Brave Popup Builder: desde n/a hasta 0.6.5. The Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 0.6.5. This makes i... • https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-plugin-0-6-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •