
CVE-2024-3971 Similarity <= 3.0 - Plugin Reset via CSRF

2024-06-14 06:00:03
WPScan
github.com
Tags: cve-2024-3971, similarity plugin, csrf vulnerability, wordpress

AI Score: 6.3 (Confidence: High)
EPSS: 0.001 (Percentile: 17.5%)
SSVC: Exploitation: none; Automatable: no; Technical Impact: partial

The Similarity WordPress plugin through 3.0 does not have a CSRF check in place when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Similarity",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.0"
      }
    ],
    "defaultStatus": "affected"
  }
]
