Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:25 a.m.4 views

CVE-2024-12771

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...

8.8CVSS9.2AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2024/12/21 7:15 a.m.12 views

CVE-2024-12771

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...

8.8CVSS0.00263EPSS
Exploits0References4
CVE
CVE
added 2024/12/21 7:2 a.m.52 views

CVE-2024-12771

CVE-2024-12771 affects the eCommerce Product Catalog Plugin for WordPress. It is a CSRF vulnerability caused by missing nonce validation in customer_panel_password_reset, enabling unauthenticated attackers to reset the password of any administrator or customer account via a forged request if the ...

8.8CVSS8.5AI score0.00263EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/21 7:2 a.m.5 views

CVE-2024-12771 eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customerpanelpasswordreset' function. This makes it possible for...

8.8CVSS6.5AI score0.00263EPSS
Exploits0References4
Rows per page
Query Builder