WordPress Plugin Vulnerabilities

Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF

Description

The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
base64-encoderdecoder
No known fix

References

CVE
CVE-2024-3824

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
749ae334-b1d1-421e-a04c-35464c961a4a

Timeline

Publicly Published
2024-04-24 (about 1 year ago)
Added
2024-04-24 (about 1 year ago)
Last Updated
2024-04-24 (about 1 year ago)

Other

Published
Title
Published
2025-05-07
Title
WP Fundraising Donation and Crowdfunding Platform < 1.7.4 - Cross-Site Request Forgery
Published
2025-06-27
Title
Slickstream < 3.0.0 - Cross-Site Request Forgery
Published
2023-07-03
Title
Login/Signup Popup < 2.4 - Settings Reset via CSRF
Published
2023-10-17
Title
Envo Extra < 1.8.4 - Cross-Site Request Forgery
Published
2020-02-05
Title
WP Fastest Cache < 0.9.0.3 - Cross-Site Request Forgery (CSRF) Arbitrary File Deletion