CVE-2024-35539

CVSS 6.5 MEDIUMEPSS 1.4%CWE-290

Vexday Risk Score

33Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.5EPSS 1.4%KEV nãoPoC públicaPatch —

Lifecycle

19 Aug 2024Published on NVD

10 Apr 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting function. This vulnerability allows attackers to post several comments before the spam protection checks if the comments are posted too frequently.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52161unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cyberaz0r.info/2024/08/typecho-multiple-vulnerabilities/https://typecho.org