CVE-2024-4531

CWE-352Cross-Site Request Forgery (CSRF)2 documents2 sources
Severity
7.1HIGH
EPSS
0.2%
top 61.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Business CardEsterox Business Card
Timeline
PublishedMay 27

Description

The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages2 packages

CVEListV5unknown/business_card1.0.0

🔴Vulnerability Details

1
CVEList
Business Card <= 1.0.0 - Card Edit via CSRF2024-05-27
CVE-2024-4531 (HIGH CVSS 7.1) | The Business Card WordPress plugin | cvebase.io