CVE-2024-1231

Severity
6.8 MEDIUM
EPSS
0.1%
top 73.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 25
Latest update: Nov 19

Description

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged-in admins unpublish downloads via a CSRF attack.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Exploitability: 1.3 | Impact: 5.5

Affected Packages: 2 packages

🔴Vulnerability Details

2
GHSA
GHSA-wvw8-hcw4-jwqp: The CM Download Manager WordPress plugin before 2 (2024-03-25)
CVEList
CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF (2024-03-25)

📋Vendor Advisories

1
Red Hat
kernel: net: arc: fix the device for dma_map_single/dma_unmap_single (2024-11-19)