4.3
CVE-2024-31386
- EPSS 0.47%
- Veröffentlicht 10.04.2024 19:15:49
- Zuletzt bearbeitet 21.11.2024 09:13:25
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
Multiple Themes (Various Versions) - Cross-Site Request Forgery to Notice Dismissal
Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.
Mögliche Gegenmaßnahme
CityLogic: Update to version 1.1.30, or a newer patched version
Decode: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Default Mag: Update to version 1.3.6, or a newer patched version
Emmet Lite: Update to version 1.7.8, or a newer patched version
Gridsby: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
HappenStance: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
i-excel: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
i-max: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Lightning: Update to version 15.19.0, or a newer patched version
Namaha: Update to version 1.0.41, or a newer patched version
Panoramic: Update to version 1.1.57, or a newer patched version
Sensible WP: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Shopstar!: Update to version 1.1.34, or a newer patched version
Sliding Door: Update to version 3.4, or a newer patched version
X-T9: Update to version 1.19.1, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Theme
≫
Produkt
CityLogic
Version
[*, 1.1.30)
SystemWordPress Theme
≫
Produkt
Decode
Version
*-3.15.3
SystemWordPress Theme
≫
Produkt
Default Mag
Version
[*, 1.3.6)
SystemWordPress Theme
≫
Produkt
Emmet Lite
Version
[*, 1.7.8)
SystemWordPress Theme
≫
Produkt
Gridsby
Version
*-1.3.0
SystemWordPress Theme
≫
Produkt
HappenStance
Version
*-3.0.1
SystemWordPress Theme
≫
Produkt
i-excel
Version
*-1.7.9
SystemWordPress Theme
≫
Produkt
i-max
Version
*-1.6.2
SystemWordPress Theme
≫
Produkt
Lightning
Version
*-15.18.0
SystemWordPress Theme
≫
Produkt
Namaha
Version
[*, 1.0.41)
SystemWordPress Theme
≫
Produkt
Panoramic
Version
[*, 1.1.57)
SystemWordPress Theme
≫
Produkt
Sensible WP
Version
*-1.3.1
SystemWordPress Theme
≫
Produkt
Shopstar!
Version
[*, 1.1.34)
SystemWordPress Theme
≫
Produkt
Sliding Door
Version
[*, 3.4)
SystemWordPress Theme
≫
Produkt
X-T9
Version
[*, 1.19.1)
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHidekazu Ishikawa
≫
Produkt
X-T9
Default Statusunaffected
Version <=
1.19.0
Version
n/a
Status
affected
HerstellerHidekazu Ishikawa
≫
Produkt
Lightning
Default Statusunaffected
Version <=
15.18.0
Version
n/a
Status
affected
Herstellerthemeinwp
≫
Produkt
Default Mag
Default Statusunaffected
Version <=
1.3.5
Version
n/a
Status
affected
HerstellerOut the Box
≫
Produkt
Namaha
Default Statusunaffected
Version <=
1.0.40
Version
n/a
Status
affected
HerstellerOut the Box
≫
Produkt
CityLogic
Default Statusunaffected
Version <=
1.1.29
Version
n/a
Status
affected
HerstellerMarsian
≫
Produkt
i-max
Default Statusunaffected
Version <=
1.6.2
Version
n/a
Status
affected
HerstellerJetmonsters
≫
Produkt
Emmet Lite
Default Statusunaffected
Version <=
1.7.5
Version
n/a
Status
affected
HerstellerMacho Themes
≫
Produkt
Decode
Default Statusunaffected
Version <=
3.15.3
Version
n/a
Status
affected
HerstellerWayneconnor
≫
Produkt
Sliding Door
Default Statusunaffected
Version <=
3.3
Version
n/a
Status
affected
HerstellerOut the Box
≫
Produkt
Shopstar!
Default Statusunaffected
Version <=
1.1.33
Version
n/a
Status
affected
HerstellerModernthemesnet
≫
Produkt
Gridsby
Default Statusunaffected
Version <=
1.3.0
Version
n/a
Status
affected
HerstellerTT Themes
≫
Produkt
HappenStance
Default Statusunaffected
Version <=
3.0.1
Version
n/a
Status
affected
HerstellerMarsian
≫
Produkt
i-excel
Default Statusunaffected
Version <=
1.7.9
Version
n/a
Status
affected
HerstellerOut the Box
≫
Produkt
Panoramic
Default Statusunaffected
Version <=
1.1.56
Version
n/a
Status
affected
HerstellerModernthemesnet
≫
Produkt
Sensible WP
Default Statusunaffected
Version <=
1.3.1
Version
n/a
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.637 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| audit@patchstack.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.