Lucene search

[email protected]NVD:CVE-2024-6720

HistoryAug 06, 2024 - 4:15 p.m.

CVE-2024-6720

2024-08-0616:15:49

CWE-352

[email protected]

web.nvd.nist.gov

light poll wordpress

csrf checks

attackers

unwanted actions

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affected configurations

Nvd

Node

dmytropopovlight_pollRange≤1.0.0wordpress

VendorProductVersionCPE
dmytropopovlight_poll*cpe:2.3:a:dmytropopov:light_poll:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
dmytropopov	light_poll	*	cpe:2.3:a:dmytropopov:light_poll::::::wordpress::*

References

wpscan.com/vulnerability/d1449be1-ae85-46f4-b5ba-390d25b87723/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

24.8%

JSON

Related for NVD:CVE-2024-6720

cvelist1 vulnrichment1 cve1 wordfence1