- Lana Codes
- Common Vulnerabilities
REST API Authentication by miniOrange <= 2.4.0 - Settings Update via CSRF
LANACOMMONVDB ID: a03ea051-ce14-42a0-8b18-4a2bffab6f57
The plugin does not have Cross-Site Request Forgery (CSRF) check in place when updating its settings, which could allow attackers to make a logged in admin change them via a Cross-Site Request Forgery (CSRF) attack.
You must be log in to view vulnerability details.
Or register a new account.