Lucene search
WPScanCVE-2024-4531HistoryMay 27, 2024 - 6:15 a.m.
CVE-2024-4531
2024-05-2706:15:10
WPScan
web.nvd.nist.gov
31
cve-2024-4531
wordpress
plugin
csrf
vulnerability
nvd
attackers
logged in users
unwanted actions
editing cards
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
AI Score
6.7
Confidence
High
EPSS
0
Percentile
9.0%
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks
Affected configurations
Node
business_cardRange≤1.0.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | business_card | * | cpe:2.3:a:*:business_card:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Business Card",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0.0"
}
],
"defaultStatus": "affected"
}
]Related
nvd
nvd
CVE-2024-4531
2024-05-27 06:15:10
cvelist
cvelist
CVE-2024-4531 Business Card <= 1.0.0 - Card Edit via CSRF
2024-05-27 06:00:02
wpexploit
wpexploit
Business Card <= 1.0.0 - Card Edit via CSRF
2024-05-06 00:00:00
vulnrichment
vulnrichment
CVE-2024-4531 Business Card <= 1.0.0 - Card Edit via CSRF
2024-05-27 06:00:02
wpvulndb
wpvulndb
Business Card <= 1.0.0 - Card Edit via CSRF
2024-05-06 00:00:00
wordfence
wordfence
CVSS3
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
AI Score
6.7
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-4531