CVE-2024-2376

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 37.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Wpqa Builder2code Wpqa Builder
Timeline
PublishedJul 3

Description

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVD2code/wpqa_builder< 6.1.1
CVEListV5unknown/wpqa_builder< 6.1.1

🔴Vulnerability Details

2
GHSA
GHSA-h3q5-gjcc-wrm3: The WPQA Builder WordPress plugin before 62024-07-03
CVEList
WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF2024-07-03
CVE-2024-2376 (HIGH CVSS 8.8) | The WPQA Builder WordPress plugin b | cvebase.io