Lucene search
WPScanCVE-2024-7862HistorySep 12, 2024 - 6:15 a.m.
CVE-2024-7862
2024-09-1206:15:25
CWE-352
WPScan
web.nvd.nist.gov
24
wordpress
plugin
csrf
vulnerability
settings
attack
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.6%
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
kimhuebelblogintroduction-wordpress-pluginRange≤0.3.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| kimhuebel | blogintroduction-wordpress-plugin | * | cpe:2.3:a:kimhuebel:blogintroduction-wordpress-plugin:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "blogintroduction-wordpress-plugin",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.3.0"
}
],
"defaultStatus": "affected"
}
]Related
cvelist
cvelist
CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF
2024-09-12 06:00:06
nvd
nvd
CVE-2024-7862
2024-09-12 06:15:25
vulnrichment
vulnrichment
CVE-2024-7862 Blog Introduction <= 0.3.0 - Settings Update via CSRF
2024-09-12 06:00:06
wordfence
wordfence
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.6%
Related for CVE-2024-7862