Lucene search
HistoryApr 26, 2024 - 5:15 a.m.
CVE-2024-2429
salon booking system
csrf attack
wordpress plugin
admin settings
security vulnerability
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Related
cvelist
cvelist
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
2024-04-26 05:00:02
vulnrichment
vulnrichment
CVE-2024-2429 Salon booking system <= 9.6.5 - Settings Update via CSRF
2024-04-26 05:00:02
wpexploit
wpexploit
Salon booking system < 9.6.6 - Settings Update via CSRF
2024-04-05 00:00:00
cve
cve
CVE-2024-2429
2024-04-26 05:15:50
wpvulndb
wpvulndb
Salon booking system < 9.6.6 - Settings Update via CSRF
2024-04-05 00:00:00
wordfence
wordfence
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
AI Score
6.4
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2024-2429