CVE-2024-6075
Severity
8.8HIGH
EPSS
0.4%
top 38.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 15
Description
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9