CVE-2024-6136
Severity
5.4MEDIUM
EPSS
0.3%
top 47.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 12
Description
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7