Threat Entry Updated 2025-05-15

CVE-2024-3824 - Base64 Encoderdecoder Plugin

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack

PLUGIN Base64 Encoderdecoder

CVE-2024-3824

MEDIUM CVSS 5.5 2024-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-15

CVE-2024-3822 - Base64 Encoderdecoder Plugin

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

PLUGIN Base64 Encoderdecoder

CVE-2024-3822

MEDIUM CVSS 4.8 2024-05-15

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-05-15

CVE-2024-3823 - Base64 Encoderdecoder Plugin

The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

PLUGIN Base64 Encoderdecoder

CVE-2024-3823

LOW CVSS 2.4 2024-05-15

Risk Score

Open Full Technical Breakdown