CVE-2024-6024

Severity
8.8 HIGH
EPSS
0.3%
top 50.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 12

Description

The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages
2 packages

CVEListV5 | unknown/contentlock | 1.0.3

Vulnerability Details

2
GHSA
GHSA-vq3c-gpmf-8p9q: The ContentLock WordPress plugin through 1 | 2024-07-12
CVEList
ContentLock <= 1.0.3 - Groups/Emails Deletion via CSRF | 2024-07-12