exploitDog

GHSA-72vc-f76g-4qq4

Опубликовано: 02 мая 2024

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

Ссылки

EPSS

Процентиль: 32%

0.00124

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-3477

CVSS3: 4.3

nvd

почти 2 года назад

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

EPSS

Процентиль: 32%

0.00124

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352