← volver
CVE-2024-2262

WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF

CVSS 4.7 MEDIUMEPSS 0.2%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
01 abr 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Productos afectados
Unknown · Themify