Lucene search

CVE-2024-3940

🗓️ 14 May 2024 15:36:42Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 42 Views🌐 WEB

reCAPTCHA Jetpack WordPress Plugin CSRF Vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2024-3940	14 May 202415:42	–	nvd
Patchstack	WordPress reCAPTCHA Jetpack Plugin <= 0.2.2 is vulnerable to Cross Site Request Forgery (CSRF)	15 May 202400:00	–	patchstack
wpexploit	reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF	19 Apr 202400:00	–	wpexploit
WPVulnDB	reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF	19 Apr 202400:00	–	wpvulndb
Cvelist	CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF	10 May 202406:00	–	cvelist
Vulnrichment	CVE-2024-3940 reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF	10 May 202406:00	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)	25 Apr 202415:56	–	wordfence

Vulners

Node

recaptcha_jetpackRange≤0.2.2wordpress

[
  {
    "vendor": "Unknown",
    "product": "reCAPTCHA Jetpack",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "0.2.2"
      }
    ],
    "defaultStatus": "affected"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/

Parameter	Position	Path	Description	CWE
site_key	request body	/wp-admin/options-general.php?page=recaptcha-jetpack	CSRF vulnerability allows attackers to change settings without proper checks.	CWE-352
secret_key	request body	/wp-admin/options-general.php?page=recaptcha-jetpack	CSRF vulnerability allows attackers to change settings without proper checks.	CWE-352
recaptcha_type	request body	/wp-admin/options-general.php?page=recaptcha-jetpack	CSRF vulnerability allows attackers to change settings without proper checks.	CWE-352
reset	request body	/wp-admin/options-general.php?page=recaptcha-jetpack	CSRF vulnerability allows attackers to change settings without proper checks.	CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 May 2024 15:42Current

6.6Medium risk

Vulners AI Score6.6

CVSS38.8

EPSS0.00115

SSVC