CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6024 – ContentLock <= 1.0.3 - Groups/Emails Deletion via CSRF
https://notcve.org/view.php?id=CVE-2024-6024
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when deleting groups or emails, which could allow attackers to make a logged in admin remove them via a CSRF attack El complemento ContentLock para WordPress hasta la versión 1.0.3 no tiene activada la verificación CSRF al eliminar grupos o correos electrónicos, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los elimine mediante un ataque CSRF. The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to delete groups and emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6023 – ContentLock <= 1.0.3 - Email Adding via CSRF
https://notcve.org/view.php?id=CVE-2024-6023
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack El complemento ContentLock para WordPress hasta la versión 1.0.3 no tiene activada la verificación CSRF al agregar correos electrónicos, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión realice dicha acción a través de un ataque CSRF. The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to add an email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6022 – ContentLock <= 1.0.3 - Settings Update via CSRF
https://notcve.org/view.php?id=CVE-2024-6022
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack El complemento ContentLock para WordPress hasta la versión 1.0.3 no tiene activada la verificación CSRF al actualizar su configuración, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los cambie mediante un ataque CSRF. The ContentLock plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/871a93b5-ec67-4fe0-bc39-e5485477fbeb • CWE-352: Cross-Site Request Forgery (CSRF) •