Wallabag DC-2023-0737: Unprotected Account Deletion

2024-11-19

Wallabag version 2.5.2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This vulnerability allows attackers to trick users into deleting their own accounts. The issue is fixed in version 2.5.4.

Vulnerability Details:

Platform: Wallabag
Version: 2.5.2
Vulnerability: CSRF
Severity: Not specified in the provided information
Date: November 15, 2024 (NVD Published Date)

What Undercode Says:

This vulnerability could allow attackers to take control of user accounts on Wallabag version 2.5.2. Upgrading to version 2.5.4 is recommended to address this security risk.

Additional Notes:

The NVD entry for this vulnerability does not currently include a CVSS severity score.
The specific details of how this vulnerability can be exploited are not provided in the given information.

We recommend that Wallabag users update to version 2.5.4 as soon as possible.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
