{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/csrf/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3772"}],"_cs_exploited":false,"_cs_products":["WP Editor plugin \u003c= 1.2.9.2"],"_cs_severities":["high"],"_cs_tags":["csrf","wordpress","plugin","vulnerability"],"_cs_type":"advisory","_cs_vendors":["WordPress"],"content_html":"\u003cp\u003eThe WP Editor plugin, a WordPress plugin, contains a Cross-Site Request Forgery (CSRF) vulnerability affecting versions up to and including 1.2.9.2. This vulnerability stems from a lack of nonce verification in the \u0026lsquo;add_plugins_page\u0026rsquo; and \u0026lsquo;add_themes_page\u0026rsquo; functions. An unauthenticated attacker can exploit this vulnerability by crafting a malicious request designed to overwrite arbitrary plugin and theme PHP files with attacker-controlled code. The success of this attack hinges on the attacker\u0026rsquo;s ability to deceive a site administrator into triggering the forged request, typically by clicking a specially crafted link. This flaw allows for potential arbitrary code execution on the targeted WordPress site.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable WordPress site running a WP Editor plugin version \u0026lt;= 1.2.9.2.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u0026lsquo;add_plugins_page\u0026rsquo; or \u0026lsquo;add_themes_page\u0026rsquo; functions. This request includes parameters designed to overwrite a specific plugin or theme PHP file with attacker-supplied code.\u003c/li\u003e\n\u003cli\u003eThe attacker socially engineers a WordPress administrator into clicking a malicious link or visiting a compromised website containing the forged request. 
This could be achieved via phishing emails or other deceptive techniques.\u003c/li\u003e\n\u003cli\u003eIf the administrator is logged into the WordPress dashboard, their browser automatically sends the forged request to the vulnerable WordPress site.\u003c/li\u003e\n\u003cli\u003eDue to the missing nonce verification, the WordPress site processes the request without validating its origin.\u003c/li\u003e\n\u003cli\u003eThe target plugin or theme PHP file is overwritten with the attacker\u0026rsquo;s malicious code.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s code is executed when the plugin or theme is loaded or accessed.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution on the WordPress server, potentially leading to complete site compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability allows an unauthenticated attacker to inject arbitrary PHP code into a WordPress website. This can lead to a full compromise of the website, including data theft, defacement, or the installation of backdoors for persistent access. Given the widespread use of WordPress and the WP Editor plugin, a large number of websites are potentially at risk. 
Successful attacks can result in significant reputational damage and financial losses for affected website owners.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WP Editor plugin to the latest available version, which includes a fix for CVE-2026-3772.\u003c/li\u003e\n\u003cli\u003eImplement strong CSRF protection measures on all WordPress forms and administrative functions.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to detect attempts to exploit this vulnerability through suspicious requests to the \u003ccode\u003eadd_plugins_page\u003c/code\u003e or \u003ccode\u003eadd_themes_page\u003c/code\u003e endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T12:16:16Z","date_published":"2026-05-01T12:16:16Z","id":"/briefs/2024-01-wp-editor-csrf/","summary":"The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to 1.2.9.2, allowing unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with malicious code by tricking a site administrator into clicking a link.","title":"WP Editor Plugin CSRF Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-wp-editor-csrf/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2026-41347"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["medium"],"_cs_tags":["csrf","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eOpenClaw before version 2026.3.31 is susceptible to Cross-Site Request Forgery (CSRF) attacks. The vulnerability lies in the lack of browser-origin validation within the HTTP operator endpoints when the application operates in trusted-proxy mode. This allows an attacker to craft malicious HTTP requests originating from a user\u0026rsquo;s browser to perform unauthorized actions within the OpenClaw application. 
Successful exploitation of this vulnerability enables attackers to execute privileged operations, potentially leading to data modification or unauthorized access to sensitive functionalities. This vulnerability requires the application to be deployed in trusted-proxy mode to be exploitable.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious HTML page containing a forged HTTP request targeting a vulnerable OpenClaw HTTP operator endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker hosts the malicious HTML page on a website or delivers it through phishing.\u003c/li\u003e\n\u003cli\u003eA victim user, authenticated to the OpenClaw application, visits the malicious HTML page in their browser.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser automatically sends the forged HTTP request to the vulnerable OpenClaw endpoint.\u003c/li\u003e\n\u003cli\u003eBecause the OpenClaw application lacks proper browser-origin validation, it processes the forged request.\u003c/li\u003e\n\u003cli\u003eThe attacker is able to perform unauthorized actions as the authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker can modify user configurations or exfiltrate data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability in OpenClaw can lead to unauthorized modification of application settings, data manipulation, or even complete account takeover. While specific victim numbers are unavailable, the impact extends to any organization utilizing OpenClaw in a trusted-proxy deployment scenario. 
The vulnerability can potentially compromise data integrity and confidentiality, leading to significant operational disruptions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.31 or later to patch CVE-2026-41347.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule below to detect suspicious HTTP requests lacking proper origin validation within your web server logs.\u003c/li\u003e\n\u003cli\u003eImplement proper CSRF protection mechanisms, such as synchronizer tokens, in OpenClaw\u0026rsquo;s HTTP operator endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-24T12:00:00Z","date_published":"2026-04-24T12:00:00Z","id":"/briefs/2026-04-openclaw-csrf/","summary":"OpenClaw before 2026.3.31 is vulnerable to cross-site request forgery (CSRF) attacks due to missing browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing attackers to perform unauthorized actions.","title":"OpenClaw Cross-Site Request Forgery Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-csrf/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-3499"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","woocommerce","csrf","cve-2026-3499"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce plugin, a WordPress plugin, suffers from a Cross-Site Request Forgery (CSRF) vulnerability. Present in versions 13.4.6 through 13.5.2.1, this flaw allows unauthenticated attackers to execute administrative functions if they can successfully coerce a site administrator into performing an action, such as clicking a specially crafted link. 
The vulnerability stems from the plugin\u0026rsquo;s failure to implement proper nonce validation on several AJAX actions, including \u003ccode\u003eajax_migrate_to_custom_post_type\u003c/code\u003e, \u003ccode\u003eajax_adt_clear_custom_attributes_product_meta_keys\u003c/code\u003e, \u003ccode\u003eajax_update_file_url_to_lower_case\u003c/code\u003e, \u003ccode\u003eajax_use_legacy_filters_and_rules\u003c/code\u003e, and \u003ccode\u003eajax_fix_duplicate_feed\u003c/code\u003e. This vulnerability poses a significant risk to WooCommerce store owners using the affected plugin.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious URL containing a request to one of the vulnerable AJAX actions (e.g., \u003ccode\u003eajax_migrate_to_custom_post_type\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious URL via email, social media, or another channel, attempting to trick a WordPress administrator into clicking the link.\u003c/li\u003e\n\u003cli\u003eThe administrator, while authenticated to the WordPress admin panel, clicks the malicious link.\u003c/li\u003e\n\u003cli\u003eThe administrator\u0026rsquo;s browser sends the forged request to the WordPress server, including the administrator\u0026rsquo;s session cookies.\u003c/li\u003e\n\u003cli\u003eDue to the missing or incorrect nonce validation, the WordPress server processes the request as if it were a legitimate action performed by the administrator.\u003c/li\u003e\n\u003cli\u003eDepending on the specific AJAX action targeted, the attacker can trigger feed migration, clear custom attribute caches, rewrite feed file URLs to lowercase, toggle legacy filter and rule settings, or delete duplicate feed posts.\u003c/li\u003e\n\u003cli\u003eThe attacker repeats this process to perform other administrative actions, gaining control over the plugin\u0026rsquo;s settings and 
data.\u003c/li\u003e\n\u003cli\u003eThe attacker potentially manipulates product feeds to inject malicious content, redirect users, or compromise the WooCommerce store\u0026rsquo;s SEO.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability (CVE-2026-3499) could allow an attacker to manipulate a WooCommerce store\u0026rsquo;s product feeds, potentially leading to data corruption, SEO poisoning, or the injection of malicious content. If successful, attackers could modify product information, redirect users to phishing sites, or damage the store\u0026rsquo;s reputation. The severity of the impact depends on the targeted AJAX action, but the potential for unauthorized administrative control is significant. Given the wide usage of WooCommerce and the Product Feed PRO plugin, a large number of online stores are potentially at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Product Feed PRO for WooCommerce plugin to a patched version greater than 13.5.2.1 to remediate CVE-2026-3499.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to your SIEM to detect exploitation attempts targeting the vulnerable AJAX actions.\u003c/li\u003e\n\u003cli\u003eImplement web application firewall (WAF) rules to block requests to the vulnerable AJAX endpoints originating from suspicious referrers.\u003c/li\u003e\n\u003cli\u003eEducate WordPress administrators on the risks of CSRF attacks and the importance of verifying links before clicking them.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T02:16:04Z","date_published":"2026-04-08T02:16:04Z","id":"/briefs/2026-04-woocommerce-csrf/","summary":"The Product Feed PRO for WooCommerce WordPress plugin (versions 13.4.6-13.5.2.1) is vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing unauthenticated attackers to perform administrative 
actions by tricking an administrator into clicking a malicious link.","title":"Product Feed PRO for WooCommerce Plugin CSRF Vulnerability (CVE-2026-3499)","url":"https://feed.craftedsignal.io/briefs/2026-04-woocommerce-csrf/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-34896"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["wordpress","csrf","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA cross-site request forgery (CSRF) vulnerability, identified as CVE-2026-34896, affects the Analytify Under Construction, Coming Soon \u0026amp; Maintenance Mode WordPress plugin. This vulnerability allows an attacker to trick a user into performing actions they did not intend to, such as modifying plugin settings or performing administrative tasks, provided the targeted user is authenticated to the WordPress site. The vulnerability exists in versions from n/a through 2.1.1. The vulnerability was reported to affect a publicly available plugin, increasing the scope of potentially impacted websites. Successful exploitation could lead to arbitrary code execution depending on the privileges of the targeted user and plugin functionality that can be abused.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable WordPress site running the affected plugin.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTML page containing a CSRF exploit. 
This page contains a crafted HTTP request designed to trigger a specific action within the plugin (e.g., changing settings) when submitted by an authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious HTML page via email, social media, or other means to a targeted WordPress administrator or user.\u003c/li\u003e\n\u003cli\u003eThe targeted user, while logged into the vulnerable WordPress site, visits the malicious HTML page.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser automatically submits the crafted HTTP request to the WordPress site without the user\u0026rsquo;s knowledge or consent.\u003c/li\u003e\n\u003cli\u003eThe WordPress site, believing the request originated from the authenticated user, processes the request and executes the attacker\u0026rsquo;s desired action.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s malicious action, such as changing plugin settings, is successfully performed on the vulnerable WordPress site.\u003c/li\u003e\n\u003cli\u003eDepending on the privileges of the compromised user and vulnerable plugin settings, the attacker may be able to achieve arbitrary code execution, site defacement, or data theft.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability (CVE-2026-34896) in the Analytify Under Construction, Coming Soon \u0026amp; Maintenance Mode WordPress plugin could lead to unauthorized modification of website settings, potentially resulting in site defacement, malware injection, or complete website takeover. The impact depends on the targeted user\u0026rsquo;s privileges and the plugin\u0026rsquo;s configurable options. 
While the exact number of affected websites is unknown, the plugin\u0026rsquo;s popularity suggests a potentially broad impact across various sectors using WordPress for their online presence.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the Analytify Under Construction, Coming Soon \u0026amp; Maintenance Mode WordPress plugin to a version beyond 2.1.1 to patch CVE-2026-34896.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect WordPress Plugin Setting Changes via POST\u003c/code\u003e to monitor for unauthorized changes to WordPress plugins.\u003c/li\u003e\n\u003cli\u003eEducate WordPress users on the risks of CSRF attacks and the importance of verifying the legitimacy of links and websites before clicking them.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T09:16:21Z","date_published":"2026-04-07T09:16:21Z","id":"/briefs/2026-04-wordpress-csrf/","summary":"A cross-site request forgery (CSRF) vulnerability exists in the Analytify Under Construction, Coming Soon \u0026 Maintenance Mode WordPress plugin (versions n/a through 2.1.1), potentially allowing attackers to execute unauthorized actions on behalf of legitimate users.","title":"CSRF Vulnerability in WordPress Under Construction Plugin (CVE-2026-34896)","url":"https://feed.craftedsignal.io/briefs/2026-04-wordpress-csrf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["gitlab","csrf","cve-2026-3857","graphql"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eGitLab has addressed a critical security flaw, identified as CVE-2026-3857, within its Community Edition (CE) and Enterprise Edition (EE). This vulnerability impacts GitLab instances running versions 17.10 up to, but not including, 18.8.7, versions 18.9 up to 18.9.3, and versions 18.10 up to 18.10.1.  
The core issue lies in insufficient Cross-Site Request Forgery (CSRF) protection when handling GraphQL mutations. An unauthenticated attacker could exploit this by crafting malicious web pages…\u003c/p\u003e\n","date_modified":"2026-03-26T12:00:00Z","date_published":"2026-03-26T12:00:00Z","id":"/briefs/2026-03-gitlab-csrf/","summary":"CVE-2026-3857 describes a vulnerability in GitLab CE/EE versions 17.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1, where an unauthenticated user can execute arbitrary GraphQL mutations on behalf of authenticated users due to insufficient CSRF protection, potentially leading to data modification or privilege escalation.","title":"GitLab GraphQL CSRF Vulnerability (CVE-2026-3857)","url":"https://feed.craftedsignal.io/briefs/2026-03-gitlab-csrf/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["engramx"],"_cs_severities":["high"],"_cs_tags":["csrf","prompt-injection","engramx"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003eengramx\u003c/code\u003e HTTP server, which is enabled by default and listens on \u003ccode\u003e127.0.0.1:7337\u003c/code\u003e, is vulnerable to Cross-Site Request Forgery (CSRF) and prompt injection attacks in versions prior to 2.0.2. This vulnerability stems from a combination of a wildcard CORS policy (\u003ccode\u003eAccess-Control-Allow-Origin: *\u003c/code\u003e) and the absence of authentication by default. An attacker could exploit this by enticing a developer to visit a malicious web page, leading to the exfiltration of sensitive data from the local knowledge graph and the injection of malicious payloads. The vulnerability was discovered and responsibly disclosed by @gabiudrescu in engram issue #7. 
Defenders should prioritize upgrading to version 2.0.2 or implementing the provided workarounds to mitigate the risk of unauthorized access and persistent compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eA developer installs a vulnerable version of \u003ccode\u003eengramx\u003c/code\u003e (\u0026gt;= 1.0.0, \u0026lt; 2.0.2) and the HTTP server starts by default.\u003c/li\u003e\n\u003cli\u003eThe server binds to \u003ccode\u003e127.0.0.1:7337\u003c/code\u003e and serves requests without requiring authentication unless \u003ccode\u003eENGRAM_API_TOKEN\u003c/code\u003e is explicitly set.\u003c/li\u003e\n\u003cli\u003eA developer visits a malicious website in their browser.\u003c/li\u003e\n\u003cli\u003eThe malicious website crafts a cross-origin request to \u003ccode\u003e127.0.0.1:7337\u003c/code\u003e due to the \u003ccode\u003eAccess-Control-Allow-Origin: *\u003c/code\u003e header.\u003c/li\u003e\n\u003cli\u003eA \u003ccode\u003eGET\u003c/code\u003e request to \u003ccode\u003e/query\u003c/code\u003e or \u003ccode\u003e/stats\u003c/code\u003e is sent, exfiltrating the local knowledge graph, including function names, file layout, and recorded decisions/mistakes.\u003c/li\u003e\n\u003cli\u003eA \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/learn\u003c/code\u003e is sent with a crafted prompt-injection payload, exploiting the lack of \u003ccode\u003eContent-Type: application/json\u003c/code\u003e enforcement.\u003c/li\u003e\n\u003cli\u003eThe injected payload is written as \u003ccode\u003emistake\u003c/code\u003e/\u003ccode\u003edecision\u003c/code\u003e nodes in the knowledge graph.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s AI coding agent is persistently reminded of the injected payload on every future session and file edit, leading to compromised code generation and execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 
id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to the compromise of sensitive developer data, including internal function names, file layouts, and coding decisions, allowing attackers to gain insights into the target\u0026rsquo;s projects. Furthermore, the injection of persistent prompt-injection payloads can lead to the ongoing corruption of the user\u0026rsquo;s AI coding agent, potentially causing the generation of flawed or malicious code. While the exact number of affected users is unknown, any developer using a vulnerable version of \u003ccode\u003eengramx\u003c/code\u003e is susceptible to this attack.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003eengramx@2.0.2\u003c/code\u003e or later to apply the remediation measures outlined in the advisory.\u003c/li\u003e\n\u003cli\u003eIf upgrading is not immediately feasible, do \u003cstrong\u003enot\u003c/strong\u003e run \u003ccode\u003eengram server\u003c/code\u003e or \u003ccode\u003eengram ui\u003c/code\u003e as a workaround.\u003c/li\u003e\n\u003cli\u003eIf \u003ccode\u003eengram server\u003c/code\u003e must be run, set \u003ccode\u003eENGRAM_API_TOKEN\u003c/code\u003e to a long random value and terminate the server before browsing the web (as noted in the advisory).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect engramx API access without authentication\u0026rdquo; to identify potentially unauthorized access attempts to the engramx API.\u003c/li\u003e\n\u003cli\u003eMonitor network connections to port 7337 on localhost, filtering for unexpected processes initiating connections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-24T12:00:00Z","date_published":"2024-01-24T12:00:00Z","id":"/briefs/2024-01-engram-csrf-prompt-injection/","summary":"The engramx HTTP server, enabled by default and binding to 127.0.0.1:7337, is 
vulnerable to CSRF and prompt injection attacks, allowing a malicious website to exfiltrate the local knowledge graph and inject persistent prompt-injection payloads.","title":"engramx vulnerable to CSRF enabling graph exfiltration and prompt injection","url":"https://feed.craftedsignal.io/briefs/2024-01-engram-csrf-prompt-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Csrf","version":"https://jsonfeed.org/version/1.1"}