History: Feb 29, 2024 - 6:15 a.m.

CVE-2024-21752

2024-02-29 06:15:47
CWE-352
Patchstack
web.nvd.nist.gov
Tags: cve, csrf, ajax search lite, xss, nvd

CVSS3: 7.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS: 0
Percentile: 9.0%

Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4.

Affected configurations

Vulners
Node: ernest_marcinko ajax_search_lite, Range ≤ 4.11.4, wordpress

Vendor: ernest_marcinko
Product: ajax_search_lite
Version: *
CPE: cpe:2.3:a:ernest_marcinko:ajax_search_lite:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ajax-search-lite",
    "product": "Ajax Search Lite",
    "vendor": "Ernest Marcinko",
    "versions": [
      {
        "changes": [
          {
            "at": "4.11.5",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.11.4",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]
