The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Metrics
Affected Vendors & Products
References
History
Wed, 28 May 2025 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lukashuser
Lukashuser ekc Tournament Manager |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:lukashuser:ekc_tournament_manager:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Lukashuser
Lukashuser ekc Tournament Manager |
Fri, 16 May 2025 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 15 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The EKC Tournament Manager WordPress plugin before 2.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | |
Title | EKC Tournament Manager < 2.2.2 - Create Tournaments/Teams via CSRF | |
References |
|

Status: PUBLISHED
Assigner: WPScan
Published: 2025-05-15T20:07:22.641Z
Updated: 2025-05-16T20:32:47.207Z
Reserved: 2024-10-09T19:35:57.459Z
Link: CVE-2024-9709

Updated: 2025-05-16T20:32:41.727Z

Status : Analyzed
Published: 2025-05-15T20:16:01.107
Modified: 2025-05-28T15:41:13.123
Link: CVE-2024-9709

No data.