CVE-2024-4474

Medium

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers…

WPScan·CWE-352·Published 2024-06-21

CVSS

4.3

EPSS

0.06

KEV

Exploits

cve.orgen

193 chars

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

NVDen

193 chars

The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

El complemento WP Logs Book WordPress hasta la versión 1.0.1 no tiene activada la verificación CSRF al actualizar su configuración, lo que podría permitir a los atacantes hacer que un administrador que haya iniciado sesión los cambie mediante un ataque CSRF.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
3.1	Primary	NVD	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
3.1	Primary	cve.org	4.3	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
3.1	Secondary	NVD	4.3	0.9	3.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L