CVE-2024-10922 - Vulnerability Details

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-51647. Reason: This candidate is a reservation duplicate of CVE-2024-51647. Notes: All CVE users should reference CVE-2024-51647 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Published: 2024-11-07

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

No reference.

History

Thu, 12 Dec 2024 18:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-352
References	https://patchstack.com/database/vulnerability/featured-posts-scroll/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability https://www.wordfence.com/threat-intel/vulnerabilities/id/4196b8d1-23a7-4b90-8e6b-f51849d44f9c?source=cve
Metrics	cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Thu, 12 Dec 2024 18:15:00 +0000

Type	Values Removed	Values Added
Description	The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-51647. Reason: This candidate is a reservation duplicate of CVE-2024-51647. Notes: All CVE users should reference CVE-2024-51647 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Title	Featured Posts Scroll <= 1.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 07 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 07 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
Description		The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Title		Featured Posts Scroll <= 1.25 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Weaknesses		CWE-352
References		https://patchstack.com/database/vulnerability/featured-posts-scroll/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability https://www.wordfence.com/threat-intel/vulnerabilities/id/4196b8d1-23a7-4b90-8e6b-f51849d44f9c?source=cve
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}`

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Wordfence

Published: 2024-11-07T01:57:12.331Z

Updated: 2024-12-12T18:00:15.384Z

Reserved: 2024-11-06T13:46:36.347Z

Link: CVE-2024-10922

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-11-07T02:15:02.847

Modified: 2024-12-12T18:15:22.627

Link: CVE-2024-10922

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object