exploitDog

GHSA-6fc3-8g79-3f39

Опубликовано: 25 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack

Ссылки

EPSS

Процентиль: 70%

0.00651

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-1962

CVSS3: 8.8

nvd

почти 2 года назад

The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack

EPSS

Процентиль: 70%

0.00651

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-352