Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWordfenceCVE-2024-3246
HistoryJul 24, 2024 - 4:15 a.m.

CVE-2024-3246

2024-07-2404:15:04
CWE-352
Wordfence
web.nvd.nist.gov
30
litespeed cache plugin
wordpress
cross-site request forgery

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.4%

JSON

The LiteSpeed Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the token setting and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected configurations

Nvd
Vulners
Vulnrichment
Node
litespeedtechlitespeed_cacheRange<6.3wordpress
VendorProductVersionCPE
litespeedtechlitespeed_cache*cpe:2.3:a:litespeedtech:litespeed_cache:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "litespeedtech",
    "product": "LiteSpeed Cache",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "6.2.0.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

cvelist 1
vulnrichment 1
nvd 1
openvas 2
wordfence 1
cvelist
cvelist
CVE-2024-3246 LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
2024-07-24 03:17:17
vulnrichment
vulnrichment
CVE-2024-3246 LiteSpeed Cache <= 6.2.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
2024-07-24 03:17:17
nvd
nvd
CVE-2024-3246
2024-07-24 04:15:04
openvas
openvas
openSUSE: Security Advisory for flatpak (SUSE-SU-2024:1535-1)
2024-05-13 00:00:00
openSUSE: Security Advisory for flatpak (SUSE-SU-2024:1536-1)
2024-05-13 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 22, 2024 to July 28, 2024)
2024-08-01 14:18:10

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

17.4%

JSON
Related for CVE-2024-3246
cvelist1vulnrichment1nvd1openvas2wordfence1