6.5
CVE-2024-6230
- EPSS 0.25%
- Veröffentlicht 30.07.2024 06:15:03
- Zuletzt bearbeitet 02.01.2026 20:19:04
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginPardakht Delkhah <= 2.9.8 - Form Fields Reset via CSRF
Pardakht Delkhah <= 2.9.8 - Cross-Site Request Forgery to Form Setting Reset
The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack
Mögliche Gegenmaßnahme
پلاگین پرداخت دلخواه: Update to version 2.9.9, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wp-master ≫ Pardakht-delkhah SwPlatformwordpress Version < 2.9.9
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
پلاگین پرداخت دلخواه
Version
*-2.9.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.159 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://wpscan.com/vulnerability/311e3c15-0f58-4f3b-91f8-0c62c0eea55e/
https://www.wordfence.com/threat-intel/vulnerabilities/id/3eca4da3-2d8b-4a68-807b-d9a2cb52fb6b