WordPress Custom Dashboard Widgets Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-22290

7.1HIGH

Key Information:

Vendor: WordPress
Status: Custom Dashboard Widgets
Vendor: CVE Published:; 31 January 2024

What is CVE-2024-22290?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Custom Dashboard Widgets developed by AboZain, which could allow an attacker to exploit this weakness to perform unauthorized actions. This vulnerability enables the potential for Cross-Site Scripting (XSS) attacks, posing security risks to users of affected versions. The issue impacts all versions of Custom Dashboard Widgets from an unspecified version up through 1.3.1, exposing sensitive data and compromising the integrity of the application.

Affected Version(s)

Custom Dashboard Widgets <= 1.3.1

References

https://patchstack.com/database/vulnerability/custom-dash...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 31, 2024
Vulnerability Reserved
Jan 8, 2024

Credit

Dimas Maulana (Patchstack Alliance)