{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47634", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-09-30T11:16:50.531Z", "datePublished": "2024-10-20T10:29:41.741Z", "dateUpdated": "2024-10-21T19:05:55.635Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "woo-save-abandoned-carts", "product": "CartBounty \u2013 Save and recover abandoned carts for WooCommerce", "vendor": "Streamline.lv", "versions": [{"changes": [{"at": "8.2.1", "status": "unaffected"}], "lessThanOrEqual": "8.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.<p>This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-20T10:29:41.741Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 8.2.1 or a higher version."}], "value": "Update to 8.2.1 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "woocommerce", "product": "streamline.lv", "cpes": ["cpe:2.3:a:woocommerce:streamline.lv:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.2", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-21T18:59:45.611309Z", "id": "CVE-2024-47634", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T19:05:55.635Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47634", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T18:59:45.611309Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:woocommerce:streamline.lv:*:*:*:*:*:*:*:*"], "vendor": "woocommerce", "product": "streamline.lv", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "8.2"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T19:05:49.753Z"}}], "cna": {"title": "WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Streamline.lv", "product": "CartBounty \u2013 Save and recover abandoned carts for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "8.2.1", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "8.2"}], "packageName": "woo-save-abandoned-carts", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 8.2.1 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 8.2.1 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.<p>This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-20T10:29:41.741Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47634", "state": "PUBLISHED", "dateUpdated": "2024-10-21T19:05:55.635Z", "dateReserved": "2024-09-30T11:16:50.531Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-10-20T10:29:41.741Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:majas-lapu-izstrade:cartbounty:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "53D63AC8-FD00-4523-9FAD-533AB0854E02", "versionEndExcluding": "8.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce permite Cross-Site Request Forgery. Este problema afecta a CartBounty \u2013 Guardar y recuperar carritos abandonados para WooCommerce: desde n/a hasta 8.2."}], "id": "CVE-2024-47634", "lastModified": "2024-10-22T18:46:02.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-10-20T11:15:02.217", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}