CVE-2024-7574

NVD Published Date: August 12, 2024 at 01:38 PM
NVD Last Modified: August 12, 2024 at 01:41 PM
Download Patch
Vulnerability ID
CVE-2024-7574
Severity
MEDIUM
Severity Score
6.1
Summary
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Mitigation and Patches
-
Exploits
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID
None

Recent Publish

CVE-2024-3279

CVE-2024-7640

CVE-2024-6136

CVE-2024-42470

CVE-2024-42370

CVE-2024-0113

See SecOps Solution
in action

Schedule Demo