CVE-2024-5076

CWE-352 — Cross-Site Request Forgery (CSRF)CWE-79 — Cross-site Scripting (XSS)CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

8.8HIGH

EPSS

0.7%

top 27.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Wp-emember Tipsandtricks-hq WP Emember

Timeline

PublishedJul 13

Description

The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5unknown/wp-emember< 10.6.6

▶NVDtipsandtricks-hq/wp_emember< 10.6.6

🔴Vulnerability Details

GHSA

GHSA-p3jw-55j4-79qh: The wp-eMember WordPress plugin before 10↗2024-07-13

▶

CVEList

WP eMember < 10.6.6 - Bulk Delete via CSRF↗2024-07-13

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()↗2024-06-25

▶