← back
CVE-2024-2262

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

CVSS 4.7 MEDIUMEPSS 0.2%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
01 Apr 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Affected products
Unknown · Themify