Lucene search

WPScanVULNRICHMENT:CVE-2024-3163

HistorySep 12, 2024 - 6:00 a.m.

CVE-2024-3163 Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF

2024-09-1206:00:02

WPScan

github.com

easy property listings

wordpress

csrf

vulnerability

bulk deletion

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:easy_property_listings:easy_property_listings:*:*:*:*:*:*:*:*"
    ],
    "vendor": "easy_property_listings",
    "product": "easy_property_listings",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.5.4"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

wpscan.com/vulnerability/f89c8654-5486-4939-880d-101f33d359c0/