CVE-2024-4100 in Pricing Table Plugininfo

Summary

by MITRE • 07/09/2024

The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

04/23/2024

Disclosure

07/09/2024

Moderation

accepted

Entry

VDB-270541

CPE

ready

CWE

CWE-352 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00205

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-4100
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-4100
CVE Details	https://www.cvedetails.com/cve/CVE-2024-4100/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!