The Easy Property Listings WordPress plugin before 3.5.4 does not have a CSRF check when deleting contacts in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
History

Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Realestateconnected
Realestateconnected easy Property Listings
CPEs cpe:2.3:a:realestateconnected:easy_property_listings:*:*:*:*:*:wordpress:*:*
Vendors & Products Realestateconnected
Realestateconnected easy Property Listings

Thu, 12 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Easy Property Listings
Easy Property Listings easy Property Listings
Weaknesses CWE-352
CPEs cpe:2.3:a:easy_property_listings:easy_property_listings:*:*:*:*:*:*:*:*
Vendors & Products Easy Property Listings
Easy Property Listings easy Property Listings
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 06:15:00 +0000

Type Values Removed Values Added
Description The Easy Property Listings WordPress plugin before 3.5.4 does not have a CSRF check when deleting contacts in bulk, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
Title Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF
References

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-09-12T06:00:02.115Z

Updated: 2024-09-12T14:16:56.765Z

Reserved: 2024-04-01T21:03:29.168Z

Link: CVE-2024-3163

Vulnrichment

Updated: 2024-09-12T14:16:10.383Z

NVD

Status: Analyzed

Published: 2024-09-12T06:15:23.607

Modified: 2024-09-26T15:13:56.280

Link: CVE-2024-3163

Redhat

No data.