CVE-2024-9233

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 77.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Logo SliderGsplugins Logo Slider
Timeline
PublishedMay 15

Description

The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/logo_slider< 3.7.1

🔴Vulnerability Details

2
GHSA
GHSA-8xqm-w2cq-fmc6: The Logo Slider WordPress plugin before 32025-05-15
CVEList
GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery2025-05-15
CVE-2024-9233 (MEDIUM CVSS 4.3) | The Logo Slider WordPress plugin be | cvebase.io