Lucene search

K

[email protected]NVD:CVE-2024-5155

HistoryJun 14, 2024 - 6:15 a.m.

CVE-2024-5155

2024-06-1406:15:13

[email protected]

web.nvd.nist.gov

3

inquiry cart

wordpress plugin

csrf attack

stored xss payloads

sanitisation

escaping

0.0004 Low

EPSS

Percentile

9.1%

The Inquiry cart WordPress plugin through 3.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

References

wpscan.com/vulnerability/f1e90a8a-d959-4316-a5d4-e183854944bd/

0.0004 Low

EPSS

Percentile

9.1%

Related for NVD:CVE-2024-5155

cve1 wpvulndb1 cvelist1 wpexploit1 vulnrichment1 wordfence1