FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-5285

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Jul 29, 2024 / Updated: 3mo ago

010
CVSS 5.5EPSS 0.04%Medium
CVE info copied to clipboard

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-5285

Jul 29, 2024 at 6:15 AM
First Article

Feedly found the first article mentioning CVE-2024-5285. See article

Jul 29, 2024 at 6:21 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Jul 29, 2024 at 6:21 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.4%)

Jul 29, 2024 at 9:52 AM
CVSS

A CVSS base score of 5.5 has been assigned.

Aug 1, 2024 at 2:01 PM / nvd
Static CVE Timeline Graph

Affected Systems

Wp_affiliate_platform_project/wp_affiliate_platform
+null more

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)
+null more

News

Update Wed Sep 11 22:31:15 UTC 2024
Recent Commits to cve:main / 2mo
Update Wed Sep 11 22:31:15 UTC 2024
Update Wed Aug 7 14:34:30 UTC 2024
Recent Commits to cve:main / 3mo
Update Wed Aug 7 14:34:30 UTC 2024
CVE-2024-5285
Newest CVEs from Tenable / 3mo
Medium Severity Description The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack Read more at https://www.tenable.com/cve/CVE-2024-5285
NA - CVE-2024-5285 - The wp-affiliate-platform WordPress plugin...
Security-Database Alerts Monitor : Last 100 Alerts / 3mo
Cvss vector : Cvss Base Score N/A Attack Range N/A Cvss Impact Score N/A Attack Complexity N/A Cvss Expoit Score N/A Authentication N/A Calculate full CVSS 2.0 Vectors scores Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA Calculate full CVSS 3.0 Vectors scores
CVE-2024-5285 | WP-FeedStats wp-affiliate-platform Plugin up to 6.5.1 on WordPress cross-site request forgery
VulDB Recent Entries / 3mo
A vulnerability, which was classified as problematic , was found in WP-FeedStats wp-affiliate-platform Plugin up to 6.5.1 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-5285 . It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
See 5 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Changed
Confidentiality:Low
Integrity:Low
Availability Impact:None

Categories

CVSS 5.5(34617)CWE-352(6421)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial