CVE-2024-8043

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Sep 17, 2024 / Updated: 2mo ago

CVSS 5.4 / EPSS 0.04% / Medium

The Vikinghammer Tweet WordPress plugin through 0.2.4 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Timeline

First Article: Feedly found the first article mentioning CVE-2024-8043.
Aug 29, 2024 at 5:45 AM / VulDB Recent Entries

CVSS Estimate: Feedly estimated the CVSS score as MEDIUM.
Aug 29, 2024 at 5:45 AM

CVE Assignment: NVD published the first details for CVE-2024-8043.
Sep 17, 2024 at 6:15 AM

CVSS: A CVSS base score of 5.7 has been assigned.
Sep 17, 2024 at 3:41 PM / nvd

EPSS: EPSS Score was set to 0.04% (Percentile: 9.6%).
Sep 19, 2024 at 1:17 AM

CVSS: A CVSS base score of 5.4 has been assigned.
Sep 27, 2024 at 6:25 PM / nvd
Static CVE Timeline Graph

Affected Systems

Seanschulte/vikinghammer_tweet

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

NA - CVE-2024-8043 - The Vikinghammer Tweet WordPress plugin through...

CVE-2024-8043 (Medium Severity). Read more at https://www.tenable.com/cve/CVE-2024-8043

CVE-2024-8043, originally published on CyberSecurityBoard

CVE-2024-8043 - WordPress Vikinghammer Tweet CSRF Stored XSS (published Sept. 17, 2024, 6:15 a.m.; severity listed as 0.0 NA at time of publication)

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability Impact: None
