CVE-2024-3478

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 77.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Herd Effects Wow-company Herd Effects

Timeline

PublishedMay 2

Description

The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:LExploitability: 0.6 | Impact: 5.5

Affected Packages2 packages

▶CVEListV5unknown/herd_effects< 5.2.7

▶NVDwow-company/herd_effects< 5.2.7

🔴Vulnerability Details

CVEList

Herd Effects < 5.2.7 - Effect Deletion via CSRF↗2024-05-02

▶

GHSA

GHSA-xmjw-8f7c-p37x: The Herd Effects WordPress plugin before 5↗2024-05-02

▶