CVE-2024-3629

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
2.4LOW
EPSS
0.2%
top 58.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown HL TwitterDachande663 HL Twitter
Timeline
PublishedMay 15

Description

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/hl_twitter2014.1.18
NVDdachande663/hl_twitter2014.1.18

🔴Vulnerability Details

2
GHSA
GHSA-p3vp-jg8v-gfmh: The HL Twitter WordPress plugin through 20142024-05-15
CVEList
HL Twitter <= 2014.1.18 - Settings Update via CSRF2024-05-15
CVE-2024-3629 (LOW CVSS 2.4) | The HL Twitter WordPress plugin thr | cvebase.io