CVE-2024-9689

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Nov 5, 2024 / Updated: 14d ago

CVSS 4.3 / EPSS 0.04% / Medium

The Post From Frontend WordPress plugin through 1.0.0 does not have a CSRF check when deleting posts, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9689

Nov 5, 2024 at 6:15 AM

First Article

Feedly found the first article mentioning CVE-2024-9689.

Nov 5, 2024 at 6:20 AM / Vulners.com RSS Feed

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 5, 2024 at 6:20 AM

CVSS

A CVSS base score of 4.8 has been assigned.

Nov 5, 2024 at 4:40 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 10%)

Nov 6, 2024 at 10:26 AM

CVSS

A CVSS base score of 4.3 has been assigned.

Nov 6, 2024 at 7:15 PM / nvd

Affected Systems

Shaon/post_from_frontend

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

CVE-2024-9689
Medium Severity. Description: The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack. Read more at https://www.tenable.com/cve/CVE-2024-9689
CVE-2024-9689 | Post From Frontend Plugin up to 1.0.0 on WordPress cross-site request forgery
A vulnerability was found in Post From Frontend Plugin up to 1.0.0 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-9689. It is possible to initiate the attack remotely. There is no exploit available.
CVE-2024-9689 - "WordPress Post From Frontend CSRF Vulnerability"
CVE ID: CVE-2024-9689. Published: Nov. 5, 2024, 6:15 a.m. (49 minutes ago). Description: The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack. Severity: 0.0 NA. Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-9689 Post From Frontend https://www.cve.org/CVERecord?id=CVE-2024-9689 https://wpscan.com/vulnerability/ea501d37-1ec2-43ec-873a-ec204e965f60/ #CVE_2024_9689 #bot
CVE-2024-9689
The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability Impact: None
