ГлавнаяУязвимости → CVE-2024-5287
7.1высокая

CVE-2024-5287

Описание

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack

Затрагиваемое ПО
Tipsandtricks-hq Wp affiliate platform
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Источники
https://wpscan.com/vulnerability/b4fd535c-a273-419d-9e2e-be1cbd822793/https://wpscan.com/vulnerability/b4fd535c-a273-419d-9e2e-be1cbd822793/