Lucene search

JpcertCVE-2024-38345

HistoryJul 04, 2024 - 1:15 a.m.

CVE-2024-38345

2024-07-0401:15:02

jpcert

web.nvd.nist.gov

cross-site request forgery

sola testimonials

wordpress site

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.1%

JSON

A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site.

Affected configurations

Vulners

Node

sola_pluginssola_testimonialsRange<3.0.0

VendorProductVersionCPE
sola_pluginssola_testimonials*cpe:2.3:a:sola_plugins:sola_testimonials:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sola_plugins	sola_testimonials	*	cpe:2.3:a:sola_plugins:sola_testimonials::::::::

CNA Affected

[
  {
    "vendor": "Sola Plugins",
    "product": "Sola Testimonials",
    "versions": [
      {
        "version": "versions prior to 3.0.0",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN34977158/

wordpress.org/plugins/sola-testimonials/

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-38345