Severity: 4.3 MEDIUM
EPSS: 0.1% (top 74.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 3
Latest update: Jul 12

Description

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: 2code/himer < 2.1.1
CVEListV5: unknown/himer < 2.1.1

🔴 Vulnerability Details (2)

GHSA: GHSA-rxwp-vh49-vj6f: The Himer WordPress theme before 2 (2024-07-03)
CVEList: Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section (2024-07-03)

📋 Vendor Advisories (1)

Red Hat: kernel: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (2024-07-12)
CVE-2024-2233 (MEDIUM CVSS 4.3) | The Himer WordPress theme before 2. | cvebase.io