Lucene search
WPScanCVE-2024-7820HistorySep 12, 2024 - 6:15 a.m.
CVE-2024-7820
2024-09-1206:15:24
CWE-352
WPScan
web.nvd.nist.gov
23
ilc thickbox
wordpress plugin
csrf attack
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
18.6%
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
elliotilc_thickboxRange≤1.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| elliot | ilc_thickbox | * | cpe:2.3:a:elliot:ilc_thickbox:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "ILC Thickbox",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "1.0"
}
],
"defaultStatus": "affected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF
2024-09-12 06:00:05
cvelist
cvelist
CVE-2024-7820 ILC Thickbox <= 1.0 - Settings update via CSRF
2024-09-12 06:00:05
nvd
nvd
CVE-2024-7820
2024-09-12 06:15:24
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
18.6%
Related for CVE-2024-7820