EUVD-2024-32106

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

WordPress Country State City Dropdown plugin is vulnerable to unauthorized data modification.

Reporter	Title	Published	Views	Family All 10
CVE	CVE-2024-3520	2 May 202416:51	–	cve
Cvelist	CVE-2024-3520 Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization	2 May 202416:51	–	cvelist
NVD	CVE-2024-3520	2 May 202417:15	–	nvd
Patchstack	WordPress Country State City Dropdown CF7 plugin <= 2.7.1 - Missing Authorization vulnerability	16 Apr 202401:07	–	patchstack
Patchstack	WordPress Country State City Dropdown CF7 Plugin <= 2.7.1 is vulnerable to Broken Access Control	16 Apr 202400:00	–	patchstack
Positive Technologies	PT-2024-26377 · WordPress · Country State City Dropdown Cf7	2 May 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-3520	23 May 202509:20	–	redhatcve
Vulnrichment	CVE-2024-3520 Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization	2 May 202416:51	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024)	25 Apr 202415:56	–	wordfence
WPVulnDB	Country State City Dropdown CF7 < 2.7.2 - Missing Authorization	15 Apr 202400:00	–	wpvulndb

[
  {
    "enisaIdVendor": [
      {
        "id": "adcd1bf6-cd68-3fe9-b3bd-2f355b273229",
        "vendor": {
          "name": "trustyplugins"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "81939f7e-29fc-3960-b3e7-142cfdf93d3a",
        "product": {
          "name": "Country State City Dropdown CF7"
        },
        "product_version": "* ≤2.7.1"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/08ccd4a3-ea1f-49b3-b4ce-ab1e247e1f76
plugins	www.plugins.trac.wordpress.org/changeset/3068802/country-state-city-auto-dropdown/trunk

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.3

EPSS0.00187

SSVC