CVE-2024-2262

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.7MEDIUM

EPSS

0.2%

top 62.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Themify Themify Woocommerce Product Filter

Timeline

PublishedApr 1

Description

Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/themify< 1.4.4

▶NVDthemify/woocommerce_product_filter< 1.4.4

🔴Vulnerability Details

GHSA

GHSA-mqx4-g9cq-jvc6: Themify WordPress plugin before 1↗2024-04-01

▶

CVEList

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF↗2024-04-01

▶