Lucene search
HistoryApr 15, 2024 - 5:15 a.m.
CVE-2024-2858
wordpress
plugin
csrf attacks
CVSS3
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Related
wpvulndb
wpvulndb
Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF
2024-03-25 00:00:00
wpexploit
wpexploit
Simple Buttons Creator <= 1.04 - Aribtrary Button Deletion via CSRF
2024-03-25 00:00:00
cve
cve
CVE-2024-2858
2024-04-15 05:15:15
cvelist
cvelist
vulnrichment
vulnrichment
wordfence
wordfence
CVSS3
4.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-2858