exploitDog

CVE-2024-6925

Опубликовано: 08 сент. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Ссылки

https://wpscan.com/vulnerability/1da75fd7-e44f-4043-b8f4-7ee975356982/
Exploit
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themetechmount:truebooker:*:*:*:*:*:wordpress:*:*

Версия до 1.0.2 (включая)

EPSS

Процентиль: 38%

0.0017

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352

Связанные уязвимости

GHSA-rf9h-8cx8-5xww

CVSS3: 4.3

github

больше 1 года назад

The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

EPSS

Процентиль: 38%

0.0017

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-352