CVE-2024-6628

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Nov 16, 2024 / Updated: 4d ago

CVSS 4.3 / EPSS 0.05% / Medium

The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to missing or incorrect nonce validation when deleting form submissions. This makes it possible for unauthenticated attackers to delete form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
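The root cause named above is a state-changing admin action that runs without proving the request came from the plugin's own screen. As an added illustration (not the plugin's code; the function names, AJAX action name and table name are assumed), the vulnerable pattern is shown next to the hardened one, which issues a per-action nonce when the admin page renders and verifies it, together with a capability check, before deleting anything:

```php
<?php
// Hypothetical admin-ajax handler for deleting a form submission.
// All identifiers prefixed eleforms_demo_ are assumptions for this example.

// Vulnerable pattern: the handler trusts any request carrying an admin's
// session cookie. A page the administrator is lured to can submit this
// request cross-site, and nothing ties it to the plugin's own admin UI.
// Checking that a 'nonce' field merely exists, or ignoring the return
// value of wp_verify_nonce(), is the "incorrect validation" variant.
function eleforms_demo_delete_submission_vulnerable() {
    global $wpdb;
    $id = absint( $_POST['submission_id'] ?? 0 );
    $wpdb->delete( $wpdb->prefix . 'eleforms_demo_submissions', array( 'id' => $id ), array( '%d' ) );
    wp_send_json_success();
}

// Hardened pattern, step 1: the admin screen emits a nonce bound to this
// specific action and row, so the token is only obtainable from that page.
function eleforms_demo_render_delete_button( $id ) {
    $nonce = wp_create_nonce( 'eleforms_demo_delete_' . $id );
    printf(
        '<button class="eleforms-demo-delete" data-id="%d" data-nonce="%s">Delete</button>',
        (int) $id,
        esc_attr( $nonce )
    );
}

// Step 2: the handler verifies the nonce before any state change.
// check_ajax_referer() dies with HTTP 403 when the 'nonce' field is
// missing, expired, or was minted for a different action or row.
function eleforms_demo_delete_submission_secure() {
    global $wpdb;
    $id = absint( $_POST['submission_id'] ?? 0 );
    check_ajax_referer( 'eleforms_demo_delete_' . $id, 'nonce' );
    // Nonces prove intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $wpdb->delete( $wpdb->prefix . 'eleforms_demo_submissions', array( 'id' => $id ), array( '%d' ) );
    wp_send_json_success();
}

// Register only the authenticated hook; there is no reason for a
// wp_ajax_nopriv_ variant of a destructive admin action.
add_action( 'wp_ajax_eleforms_demo_delete_submission', 'eleforms_demo_delete_submission_secure' );
```

When reviewing a plugin for this bug class, look for every `wp_ajax_*`, `admin_post_*` or `admin_init` handler that writes or deletes and confirm each one reaches `check_ajax_referer()`, `check_admin_referer()` or a `wp_verify_nonce()` whose result actually gates the action.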

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-6628.

Nov 16, 2024 at 3:38 AM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 16, 2024 at 3:38 AM
CVE Assignment

NVD published the first details for CVE-2024-6628

Nov 16, 2024 at 4:15 AM
CVSS

A CVSS base score of 4.3 has been assigned.

Nov 16, 2024 at 4:20 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as LOW

Nov 16, 2024 at 4:35 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 18.4%)

Nov 16, 2024 at 10:07 AM

Affected Systems

Wordpress/wordpress

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

EleForms All In One Form Integration plugin vulnerable to Cross-Site Request Forgery
Cscode - MEDIUM - CVE-2024-6628. Repeats the NVD description above.

CVE-2024-6628 - EleForms CSRF Vulnerability
CVE ID: CVE-2024-6628. Published: Nov. 16, 2024, 4:15 a.m. Repeats the NVD description above.

CVE-2024-6628
Repeats the NVD description above.

CVE-2024-6628 EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Cross-Site Request Forgery
Repeats the NVD description above.

CVE-2024-6628 | EleForms Plugin up to 2.9.9.9 on WordPress cross-site request forgery
A vulnerability was found in EleForms Plugin up to 2.9.9.9 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-6628. The attack may be launched remotely. There is no exploit available.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
