← back
CVE-2024-7984

Joy Of Text Lite – SMS messaging for WordPress <= 2.3.1 - Settings Update via CSRF

CVSS 4.3 MEDIUMEPSS 0.2%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 May 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N