CVE-2024-12280
Published 2025-01-27
Priority: P4 · 16 · medium · 4.3 · CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS: 0.20% (9.5th percentile)
The WP Customer Area WordPress plugin through 8.2.4 does not have a CSRF check in place when deleting its logs, which could allow attackers to make a logged-in user delete them via a CSRF attack.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| marvinlabs | wp_customer_area | < 8.2.4 | 8.2.4 |
No detection rules found.
No public exploits indexed.
Wiz
Cross-Site Request Forgery (CSRF): Examples & Prevention | Wiz
blogs_wiz·2025-12-29
## What is CSRF?
Cross-site request forgery (CSRF) is a cybersecurity attack where a malicious website or attacker tricks your browser into making unwanted requests to an authenticated website. By exploiting the trust between web applications and authenticated users, apps automatically accept HTTP requests (POST, GET, PUT, and DELETE) without knowing whether the requests are legitimate or malicious.
For example, imagine you log in to your bank account and then visit another website with a CSRF vulnerability. The compromised website can leverage your active session cookie to disguise itself as you and perform malicious actions, such as transferring money from your account, without further authentication.
## How CSRF works
CSRF exploits apps with flawed session management and weaknesses
2025-01-27: Published