Lucene search

PatchstackCVE-2024-38776

HistoryAug 02, 2024 - 8:15 a.m.

CVE-2024-38776

2024-08-0208:15:42

CWE-352

Patchstack

web.nvd.nist.gov

wordpress

gotowebinar

csrf

xss

vulnerability

martin gibson

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.4%

JSON

Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson WP GoToWebinar allows Cross-Site Scripting (XSS).This issue affects WP GoToWebinar: from n/a through 15.7.

Affected configurations

Vulners

Node

martin_gibsonwp_gotowebinarRange≤15.7

VendorProductVersionCPE
martin_gibsonwp_gotowebinar*cpe:2.3:a:martin_gibson:wp_gotowebinar:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
martin_gibson	wp_gotowebinar	*	cpe:2.3:a:martin_gibson:wp_gotowebinar::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "wp-gotowebinar",
    "product": "WP GoToWebinar",
    "vendor": "Martin Gibson",
    "versions": [
      {
        "changes": [
          {
            "at": "15.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "15.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/wp-gotowebinar/wordpress-wp-gotowebinar-plugin-15-7-csrf-to-xss-vulnerability?_s_id=cve