CVE-2024-6023 ContentLock <= 1.0.3 - Email Adding via CSRF

2024-07-1206:00:06

WPScan

www.cve.org

contentlock

wordpress

csrf

vulnerability

EPSS

0.001

Percentile

24.0%

JSON

The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when adding emails, which could allow attackers to make a logged in admin perform such action via a CSRF attack

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "ContentLock",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "1.0.3"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0/

EPSS

0.001

Percentile

24.0%

JSON

Related for CVELIST:CVE-2024-6023