Lucene search
WpvulndbWPVDB-ID:763DBC3D-D15C-4408-89BB-7AB736CC7FF6HistoryFeb 08, 2024 - 12:00 a.m.
Themify Builder < 7.0.6 - Cross-Site Request Forgery
2024-02-0800:00:00
wpscan.com
3
themify builder
wordpress
cross-site request forgery
vulnerability
cache clearing
Description The Themify Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.0.5. This is due to missing or incorrect nonce validation on the cache_menu() function. This makes it possible for unauthenticated attackers to clear cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 7.0.6 |
Related
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2024-02-21 07:15:00
cve
cve
CVE-2024-24872
2024-02-21 07:15:55
nvd
nvd
CVE-2024-24872
2024-02-21 07:15:55
wordfence
wordfence
6.3 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPVDB-ID:763DBC3D-D15C-4408-89BB-7AB736CC7FF6