Submitted URL: https://click.email.sans.org/?qs=06cef0ef715902be2af80b23aef1dafc5c290fa76d69ebe1fcf70881dd8f501a98fb00b2c15e88b7f3b8fc188f1e...
Effective URL: https://patchstack.com/database/wordpress/plugin/flashnews-fading-effect-pearlbells/vulnerability/wordpress-flash-news-...
Submission: On December 24 via api from AE — Scanned from DE

WORDPRESS FLASH NEWS / POST (RESPONSIVE) PLUGIN <= 4.1 IS VULNERABLE TO CROSS
SITE REQUEST FORGERY (CSRF)

Patch priority: Low (vPatch unnecessary)
Vulnerable version: <= 4.1
Fixed version: No official fix available
Type: Plugin
VDP: No VDP
Published: 14 December 2024 by Patchstack


RISKS

CVSS 9.8


CROSS SITE REQUEST FORGERY (CSRF)

This could allow a malicious actor to force higher-privileged users to execute
unwanted actions under their current authentication: the victim's browser
attaches their WordPress login cookies to a request the attacker's page
submits, so the plugin sees an authenticated, capable user and acts on the
request.

This is a general description of this vulnerability type; the specific impact
varies case by case. CVSS is a standardized, repeatable way to score reported
vulnerabilities, but it maps poorly onto CMS plugin ecosystems, which is why
Patchstack also publishes its own patch priority (Low for this entry). Note
that a 9.8 base score falls in the Critical band of CVSS v3.x, so the score
shown here is at odds with the Low severity label on this entry.
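The following is an added illustration of the CSRF pattern this entry describes. It is written for this page and is not code from the Flash News / Post (Responsive) plugin; the hook names, option name, nonce action and field names (all prefixed `example_`) are assumptions chosen for the demo. It shows a WordPress admin-post handler that relies on a capability check alone, the same handler hardened with a nonce, and the settings form that emits the nonce.

```php
<?php
/**
 * Added illustration, not code from the Flash News / Post (Responsive) plugin.
 * All example_* names are assumptions made for this demo.
 */

// --- Vulnerable shape: capability check only, no nonce -------------------
// admin_post_{action} fires for logged-in users who POST to admin-post.php
// with action=example_save_news_vuln. current_user_can() proves the browser
// belongs to an administrator; it does not prove the administrator intended
// this request. A form auto-submitted from an attacker's page is sent with
// the admin's cookies and passes this check.
add_action( 'admin_post_example_save_news_vuln', 'example_save_news_vuln' );
function example_save_news_vuln() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    $text = isset( $_POST['news_text'] ) ? wp_unslash( $_POST['news_text'] ) : '';
    update_option( 'example_news_text', wp_kses_post( $text ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-news' ) );
    exit;
}

// --- Hardened shape: nonce bound to the action and the current user -------
add_action( 'admin_post_example_save_news', 'example_save_news_fixed' );
function example_save_news_fixed() {
    // Keep the capability check: the nonce proves intent, not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() reads $_POST['example_nonce'], verifies it against
    // the action 'example_save_news' for the logged-in user, and dies with a
    // 403 if it is missing, expired, or was minted for another user or action.
    // An attacker's page cannot read or forge the victim's nonce.
    check_admin_referer( 'example_save_news', 'example_nonce' );

    $text = isset( $_POST['news_text'] ) ? wp_unslash( $_POST['news_text'] ) : '';
    update_option( 'example_news_text', wp_kses_post( $text ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-news' ) );
    exit;
}

// --- The legitimate form must carry the matching nonce field --------------
// Without wp_nonce_field() the hardened handler rejects real submissions too.
function example_render_news_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_news">
        <?php wp_nonce_field( 'example_save_news', 'example_nonce' ); ?>
        <textarea name="news_text"><?php echo esc_textarea( get_option( 'example_news_text', '' ) ); ?></textarea>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

check_admin_referer() is the right call for admin-post.php and settings-page forms; handlers registered on wp_ajax_* hooks should use check_ajax_referer() with the same nonce action, and REST endpoints rely on the X-WP-Nonce header checked by the REST layer. In every case the nonce complements, and does not replace, the capability check.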




SOLUTIONS

Patchstack rates this issue as low severity and unlikely to be exploited, so
it does not ship a vPatch for it. No fixed version exists (Fixed in: N/A), so
sites that want to remove the exposure entirely must deactivate or remove the
plugin.




DETAILS

Software
Flash News / Post (Responsive)
Type
Plugin
Vulnerable versions
<= 4.1
Fixed in
N/A
OWASP Top 10
A1: Broken Access Control
Classification
Cross Site Request Forgery (CSRF)
CVE
CVE-2024-56012
Patch priority
Low
CVSS severity
Low (9.8)
Developer
Claim ownership
PSID
836401a23d39
Credits
Mika
Required privilege
Unauthenticated
Published
14 December, 2024

TIMELINE

Reported by Mika
14 Oct 2024

Early warning sent out to Patchstack customers
14 Dec 2024

Published by Patchstack
16 Dec 2024


How can Patchstack provide the fastest protection?

Patchstack is one of the largest open-source vulnerability disclosers in the
world. For example, in 2023 more than 70% of new WordPress vulnerabilities were
originally published by Patchstack. This focus on research enables us to deploy
vulnerability protection rules faster than anybody else.

What is virtual patching?

Patchstack vPatching auto-mitigates security vulnerabilities even when there's
no official patch available. It's the fastest and most effective way to
eliminate new security vulnerabilities without sacrificing performance.

Why would a hacker target my website?

Hackers automate attacks against new security vulnerabilities to take over as
many websites as they can before users have time to patch and update. The
attacks are opportunistic and victims are not chosen - everyone is a target.

What if my website has already been compromised?

We recommend reaching out to your hosting provider for server-side malware
scanning or using a professional incident response service. Don't rely on
plugin-based malware scanners, as malware running inside WordPress commonly
tampers with them.





© 2024 Patchstack