CVE-2024-3590 Vulnerability Details
/
/
/
CVE-2024-3590 Metadata Quick Info
CVE Published: 09/05/2024 |
CVE Updated: 21/08/2024 |
CVE Year: 2024
Source: WPScan |
Vendor: Unknown |
Product: LetterPress
Status : PUBLISHED
CVE-2024-3590 Description
The LetterPress WordPress plugin through 1.2.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as delete arbitrary subscribers
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID:
CWE Name: CWE-352 Cross-Site Request Forgery (CSRF)
Source: Unknown
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: