CVE-2024-3631

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 48.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown HL TwitterDachande663 HL Twitter
Timeline
PublishedMay 15

Description

The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/hl_twitter2014.1.18
NVDdachande663/hl_twitter2014.1.18

🔴Vulnerability Details

2
GHSA
GHSA-5wq8-45w5-cxgr: The HL Twitter WordPress plugin through 20142024-05-15
CVEList
HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF2024-05-15
CVE-2024-3631 (MEDIUM CVSS 4.3) | The HL Twitter WordPress plugin thr | cvebase.io