exploitDog

GHSA-8q98-72mq-w92m

Опубликовано: 06 мая 2024

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack

Ссылки

EPSS

Процентиль: 63%

0.00453

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-3756

CVSS3: 7.5

nvd

почти 2 года назад

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack

EPSS

Процентиль: 63%

0.00453

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-352