CVE-2024-4969

Severity: 4.3 MEDIUM
EPSS: 0.3% (top 50.84%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 21

Description

The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-2p9j-vp6v-8f8m: The Widget Bundle WordPress plugin through 2 (2024-06-21)
CVEList: Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF (2024-06-21)
CVE-2024-4969 (MEDIUM CVSS 4.3) | The Widget Bundle WordPress plugin | cvebase.io