6.3
CVE-2024-2235
- EPSS 0.19%
- Veröffentlicht 03.07.2024 06:15:03
- Zuletzt bearbeitet 21.11.2024 09:09:19
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginHimer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Himer <= 2.1.0 - Cross-Site Request Forgery to Poll Voting
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
Mögliche Gegenmaßnahme
Himer - Social Questions and Answers WordPress Theme: Update to version 2.1.1, or a newer patched version
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.091 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/62c8a564-225e-4202-9bb0-03029fa4fd42/
https://www.wordfence.com/threat-intel/vulnerabilities/id/b3b23544-71de-4da8-9fd5-6d9ef995ad7b