CVE-2024-0847 in 5280 Bootstrap Modal Contact Form Plugininfo

Summary

by MITRE • 05/02/2024

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

01/23/2024

Disclosure

05/02/2024

Moderation

accepted

Entry

VDB-262457

CPE

ready

CWE

CWE-352 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00112

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-0847
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-0847
CVE Details	https://www.cvedetails.com/cve/CVE-2024-0847/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!