CVE-2024-6271

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 61.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Community Events Community Events Project Community Events

Timeline

PublishedJul 22

Description

The Community Events WordPress plugin before 1.5 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete arbitrary events via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5unknown/community_events< 1.5

▶NVDcommunity_events_project/community_events< 1.5

🔴Vulnerability Details

GHSA

GHSA-4mrc-7pp3-99pr: The Community Events WordPress plugin before 1↗2024-07-22

▶

CVEList

Community Events < 1.5 - Event Deletion via CSRF↗2024-07-22

▶