Lucene search
WPScanCVE-2024-8093HistorySep 17, 2024 - 6:15 a.m.
CVE-2024-8093
2024-09-1706:15:02
CWE-352
WPScan
web.nvd.nist.gov
27
wordpress plugin
csrf attack
unauthorized changes
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
18.6%
The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected configurations
Node
lucasgarciaposts_reminderRange≤0.20wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lucasgarcia | posts_reminder | * | cpe:2.3:a:lucasgarcia:posts_reminder:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Posts reminder",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.20"
}
],
"defaultStatus": "affected"
}
]Related
cvelist
cvelist
CVE-2024-8093 Posts reminder <= 0.20 - Settings Update via CSRF
2024-09-17 06:00:06
nvd
nvd
CVE-2024-8093
2024-09-17 06:15:02
vulnrichment
vulnrichment
CVE-2024-8093 Posts reminder <= 0.20 - Settings Update via CSRF
2024-09-17 06:00:06
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
18.6%
Related for CVE-2024-8093