Lucene search
PatchstackCVELIST:CVE-2024-24929HistoryFeb 12, 2024 - 8:39 a.m.
CVE-2024-24929 WordPress WP Contact Form Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)
2024-02-1208:39:26
CWE-352
Patchstack
www.cve.org
wordpress
contact form
csrf
vulnerability
cross-site request forgery
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form.This issue affects WP Contact Form: from n/a through 1.6.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-contact-form",
"product": "WP Contact Form",
"vendor": "Ryan Duff, Peter Westwood",
"versions": [
{
"lessThanOrEqual": "1.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2024-24929
2024-02-12 09:15:12
nvd
nvd
CVE-2024-24929
2024-02-12 09:15:12
prion
prion
Cross site request forgery (csrf)
2024-02-12 09:15:00
wpvulndb
wpvulndb
WP Contact Form <= 1.6 - Cross-Site Request Forgery via wpcf_adminpage
2024-02-12 00:00:00
wallarmlab
wallarmlab
wordfence
wordfence
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-24929