CVE-2024-2262

2024-04-0105:15:07

[email protected]

web.nvd.nist.gov

themify wordpress plugin

csrf attack

logged in users

delete filters

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs

Affected configurations

Vulners

Node

themifythemify_ultraRange<1.4.4

VendorProductVersionCPE
themifythemify_ultra*cpe:2.3:a:themify:themify_ultra:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
themify	themify_ultra	*	cpe:2.3:a:themify:themify_ultra::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Themify ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.4.4"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc/