exploitDog

CVE-2024-3940

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Ссылки

https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bozdoz:recaptcha_jetpack:*:*:*:*:*:wordpress:*:*

Версия до 0.2.2 (включая)

EPSS

Процентиль: 52%

0.00285

Низкий

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-3g3h-99q7-v8x2

CVSS3: 8.8

github

больше 1 года назад

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

EPSS

Процентиль: 52%

0.00285

Низкий

8.8 High

CVSS3

Дефекты

CWE-352