CVE-2024-4529

CWE-352Cross-Site Request Forgery (CSRF)2 documents2 sources
Severity
5.0MEDIUM
EPSS
0.1%
top 70.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Business CardEsterox Business Card
Timeline
PublishedMay 27

Description

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages2 packages

CVEListV5unknown/business_card1.0.0

🔴Vulnerability Details

1
CVEList
Business Card <= 1.0.0 - Category Deletion via CSRF2024-05-27
CVE-2024-4529 (MEDIUM CVSS 5) | The Business Card WordPress plugin | cvebase.io