Lucene search
WPScanCVE-2024-1962HistoryMar 25, 2024 - 5:15 a.m.
CVE-2024-1962
2024-03-2505:15:50
WPScan
web.nvd.nist.gov
56
wordpress
csrf attack
download manager
unauthorized access
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0
Percentile
9.0%
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
Affected configurations
Node
cmindscm_download_managerRange<2.9.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cminds | cm_download_manager | * | cpe:2.3:a:cminds:cm_download_manager:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "CM Download Manager ",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.9.1"
}
],
"defaultStatus": "unaffected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-1962 CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-25 05:00:02
cvelist
cvelist
CVE-2024-1962 CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-25 05:00:02
nvd
nvd
CVE-2024-1962
2024-03-25 05:15:50
wpvulndb
wpvulndb
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-04 00:00:00
wpexploit
wpexploit
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-04 00:00:00
wordfence
wordfence
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.1
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2024-1962