Lucene search

K
cvePatchstackCVE-2024-32082
HistoryApr 15, 2024 - 8:15 a.m.

CVE-2024-32082

2024-04-1508:15:12
CWE-352
Patchstack
web.nvd.nist.gov
26
cve-2024-32082
cross-site request forgery
csrf
kp4coder
sync post
cross-site scripting
xss
security vulnerability
nvd

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%

Cross-Site Request Forgery (CSRF) vulnerability in kp4coder Sync Post With Other Site allows Cross-Site Scripting (XSS).This issue affects Sync Post With Other Site: from n/a through 1.5.1.

Affected configurations

Vulners
Node
kp4codersync_post_with_other_siteRange1.5.1wordpress
VendorProductVersionCPE
kp4codersync_post_with_other_site*cpe:2.3:a:kp4coder:sync_post_with_other_site:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "sync-post-with-other-site",
    "product": "Sync Post With Other Site",
    "vendor": "kp4coder",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

AI Score

6.5

Confidence

High

EPSS

0

Percentile

9.0%