Summary
There is a cross-site request forgery vulnerability in the authenticate()
helper function. The bug causes any supplied CSRF token to be considered valid.
Impact
This bug allows a malicious website to trigger unwanted actions on a user's blog site if the user is logged in to their blog when visiting the malicious site.
Patches
The issue is patched in Chyrp Lite "Sombre" v2024.01.
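A negative test for the failure mode described in the Summary, added here as an example: it is not Chyrp Lite's code, and issue_token(), token_is_valid() and the csrf_token key are hypothetical names. It shows a token check that fails closed, together with the cases a regression test should cover, including a token that is supplied but wrong.

```php
<?php
declare(strict_types=1);
// Added illustration; hypothetical helper names, not Chyrp Lite's code.

/** Create the per-session token that forms must echo back. */
function issue_token(array &$session): string {
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/**
 * Return true only when the request carries the exact session token.
 * Every other case, including a missing session token, fails closed.
 */
function token_is_valid(array $session, array $request): bool {
    $expected = $session['csrf_token'] ?? null;
    $supplied = $request['csrf_token'] ?? null;

    if (!is_string($expected) || $expected === '') {
        return false;               // no token was ever issued
    }
    if (!is_string($supplied)) {
        return false;               // absent, or an array such as csrf_token[]=x
    }
    return hash_equals($expected, $supplied);   // constant-time comparison
}

// Constructed sample data for the negative tests.
$session = [];
$good = issue_token($session);

$cases = [
    'correct token'        => [['csrf_token' => $good], true],
    'wrong token'          => [['csrf_token' => str_repeat('a', 64)], false],
    'empty token'          => [['csrf_token' => ''], false],
    'missing token'        => [[], false],
    'array instead of str' => [['csrf_token' => [$good]], false],
];

$failures = 0;
foreach ($cases as $name => [$request, $want]) {
    $got = token_is_valid($session, $request);
    if ($got !== $want) { $failures++; }
    printf("%-22s %s\n", $name, $got === $want ? 'ok' : 'FAIL');
}
// With no session token at all, nothing may validate, not even an empty string.
if (token_is_valid([], ['csrf_token' => ''])) { $failures++; }
exit($failures === 0 ? 0 : 1);
```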