Lucene search
PatchstackCVE-2024-32107HistoryApr 11, 2024 - 1:15 p.m.
CVE-2024-32107
2024-04-1113:15:55
CWE-352
Patchstack
web.nvd.nist.gov
25
xlplugins
finale lite
csrf vulnerability
versions 2.18.0
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
Affected configurations
Node
xlpluginsfinale_liteRange≤2.18.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xlplugins | finale_lite | * | cpe:2.3:a:xlplugins:finale_lite:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "finale-woocommerce-sales-countdown-timer-discount",
"product": "Finale Lite",
"vendor": "XLPlugins",
"versions": [
{
"changes": [
{
"at": "2.18.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.18.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cvelist
cvelist
wpvulndb
wpvulndb
Finale Lite < 2.18.1 - Cross-Site Request Forgery
2024-04-17 00:00:00
nvd
nvd
CVE-2024-32107
2024-04-11 13:15:55
vulnrichment
vulnrichment
wordfence
wordfence
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-32107