4.3

CVE-2024-2960

SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion

SVS Pricing Tables <= 1.0.4 - Cross-Site Request Forgery to Pricing Table Deletion

The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the deletePricingTable() function. This makes it possible for unauthenticated attackers to delete pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Mögliche Gegenmaßnahme
SVS Pricing Tables: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Svs-websoftSvs Pricing Tables SwPlatformwordpress Version <= 1.0.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt SVS Pricing Tables
Version *-1.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.112
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
security@wordfence.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://plugins.trac.wordpress.org/browser/svs-pricing-tables/trunk/app/model/svs_pt_model_main.php#L91
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a24213-5191-4b6d-a2d1-7b79729e6517?source=cve
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a24213-5191-4b6d-a2d1-7b79729e6517
Third Party Advisory