CVE-2024-3477

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 68.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Popup BOX Wow-company Popup BOX

Timeline

PublishedMay 2

Description

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/popup_box< 2.2.7

▶NVDwow-company/popup_box< 2.2.7

🔴Vulnerability Details

CVEList

Popup Box < 2.2.7 - Popup Deletion via CSRF↗2024-05-02

▶

GHSA

GHSA-72vc-f76g-4qq4: The Popup Box WordPress plugin before 2↗2024-05-02

▶