Description
Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.
Published: 2024-07-19
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-r9vw-cjf9-xh4x ProcessWire Cross Site Request Forgery vulnerability
History

Thu, 09 Jul 2026 13:30:00 +0000

Type Values Removed Values Added
Description Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00022}

epss

{'score': 0.00024}


Subscriptions

Processwire Processwire
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-07-09T12:42:26.873Z

Reserved: 2024-07-18T00:00:00.000Z

Link: CVE-2024-41597

cve-icon Vulnrichment

Updated: 2024-07-24T17:56:20.970Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-19T20:15:08.993

Modified: 2026-06-17T07:47:54.243

Link: CVE-2024-41597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)