The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
Metrics
Affected Vendors & Products
References
History
Thu, 26 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Realestateconnected
Realestateconnected easy Property Listings |
|
CPEs | cpe:2.3:a:realestateconnected:easy_property_listings:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Realestateconnected
Realestateconnected easy Property Listings |
Thu, 12 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Easy Property Listings
Easy Property Listings easy Property Listings |
|
Weaknesses | CWE-352 | |
CPEs | cpe:2.3:a:easy_property_listings:easy_property_listings:*:*:*:*:*:*:*:* | |
Vendors & Products |
Easy Property Listings
Easy Property Listings easy Property Listings |
|
Metrics |
cvssV3_1
|
Thu, 12 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack | |
Title | Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-12T06:00:02.115Z
Updated: 2024-09-12T14:16:56.765Z
Reserved: 2024-04-01T21:03:29.168Z
Link: CVE-2024-3163
Vulnrichment
Updated: 2024-09-12T14:16:10.383Z
NVD
Status : Analyzed
Published: 2024-09-12T06:15:23.607
Modified: 2024-09-26T15:13:56.280
Link: CVE-2024-3163
Redhat
No data.