CVE-2024-3481 — Cross-Site Request Forgery in Counter BOX

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

5.2MEDIUMNVD

EPSS

0.1%

top 66.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wow-company Counter BOX

Timeline

PublishedMay 2

Description

The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:NExploitability: 0.9 | Impact: 4.2

Affected Packages1 packages

▶NVDwow-company/counter_box< 1.2.4

🔴Vulnerability Details

GHSA

GHSA-gwqx-m7rc-2c9p: The Counter Box WordPress plugin before 1↗2024-05-02

▶

CVEList

Counter Box < 1.2.4 - Counter Deletion via CSRF↗2024-05-02

▶