CVE-2024-4100 in Pricing Table Plugininfo

Zusammenfassung

von MITRE • 09.07.2024

The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

23.04.2024

Veröffentlichung

09.07.2024

Moderieren

akzeptiert

Eintrag

VDB-270541

CPE

bereit

CWE

CWE-352 (bestätigt)

CVSS

4.3 (VulDB)

EPSS

0.00205

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-4100
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-4100
CVE Details	https://www.cvedetails.com/cve/CVE-2024-4100/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!