CVE-2024-9990 in Crypto Plugininfo

Zusammenfassung

von MITRE • 29.10.2024

The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'crypto_connect_ajax_process::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservieren

15.10.2024

Veröffentlichung

29.10.2024

Moderieren

akzeptiert

Eintrag

VDB-282308

CPE

bereit

EPSS

0.00266

KEV

nein

Aktivitäten

very low

Quellen

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!