CVE-2024-8047 Visual Sound (old) <= 1.06 - Settings Update via CSRF

2024-09-1706:00:05

WPScan

github.com

cve-2024-8047

visual sound

wordpress plugin

csrf

vulnerability

settings

update

admin

EPSS

Percentile

9.6%

SSVC

Exploitation

poc

Automatable

Technical Impact

partial

JSON

The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:visual_sound:visual_sound:*:*:*:*:*:*:*:*"
    ],
    "vendor": "visual_sound",
    "product": "visual_sound",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.06"
      }
    ],
    "defaultStatus": "unknown"
  }
]