Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:34977158
HistoryJun 26, 2024 - 12:00 a.m.

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

2024-06-2600:00:00
Japan Vulnerability Notes
jvn.jp
1
wordpress
plugins
cross-site request forgery
vulnerability
update
sola plugins
cwe-352
cve-2024-38344
cve-2024-38345

6.8 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

WordPress plugins β€œWP Tweet Walls” and β€œSola Testimonials” provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352).

Impact

While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform unintended operations on the WordPress site.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Sola Testimonials was updated to version 3.0.0 and renamed to Super Testimonials in November, 2020.

Products Affected

CVE-2024-38344

  • WP Tweet Walls versions prior to 1.0.4
    CVE-2024-38345

  • Sola Testimonials/Super Testimonials versions prior to 3.0.0

6.8 Medium

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON