exploitDog

GHSA-p528-6gx5-qw3c

Опубликовано: 18 дек. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

Ссылки

EPSS

Процентиль: 39%

0.00176

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2024-10892

CVSS3: 5.4

nvd

около 1 года назад

The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.

EPSS

Процентиль: 39%

0.00176

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-352