exploitDog

CVE-2024-3472

Опубликовано: 02 мая 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/d42f74dd-520f-40aa-9cf0-3544db9562c7/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wow-company:modal_window:*:*:*:*:*:wordpress:*:*

Версия до 5.3.10 (исключая)

EPSS

Процентиль: 20%

0.00064

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-wwjm-ww5x-84hm

CVSS3: 5.9

github

почти 2 года назад

The Modal Window WordPress plugin before 5.3.10 does not have CSRF check in place when bulk deleting modals, which could allow attackers to make a logged in admin delete them via a CSRF attack

EPSS

Процентиль: 20%

0.00064

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-352