Lucene search

[email protected]CVE-2024-31251

HistoryApr 12, 2024 - 1:15 p.m.

CVE-2024-31251

2024-04-1213:15:16

CWE-352

[email protected]

web.nvd.nist.gov

cve-2024-31251

cross-site request forgery

peepso community

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo.This issue affects Community by PeepSo: from n/a through 6.3.1.1.

Affected configurations

Vulners

Node

peepsopeepsoRange≤6.3.1.1

VendorProductVersionCPE
peepsopeepso*cpe:2.3:a:peepso:peepso:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
peepso	peepso	*	cpe:2.3:a:peepso:peepso::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "peepso-core",
    "product": "Community by PeepSo",
    "vendor": "PeepSo",
    "versions": [
      {
        "changes": [
          {
            "at": "6.3.1.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "6.3.1.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/peepso-core/wordpress-community-by-peepso-plugin-6-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-31251

cvelist1 vulnrichment1 nvd1