Lucene search

[email protected]NVD:CVE-2024-7820

HistorySep 12, 2024 - 6:15 a.m.

CVE-2024-7820

2024-09-1206:15:24

CWE-352

[email protected]

web.nvd.nist.gov

ilc thickbox

wordpress

csrf vulnerability

update settings

attackers

logged in admin

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Affected configurations

Nvd

Node

elliotilc_thickboxRange≤1.0wordpress

VendorProductVersionCPE
elliotilc_thickbox*cpe:2.3:a:elliot:ilc_thickbox:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
elliot	ilc_thickbox	*	cpe:2.3:a:elliot:ilc_thickbox::::::wordpress::*

References

wpscan.com/vulnerability/31b2c97b-2458-43ee-93db-e57968ac8455/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

18.6%

JSON

Related for NVD:CVE-2024-7820

cve1 vulnrichment1 cvelist1 wordfence1