Unprotected CSRF Vulnerability in Himer WordPress Theme Could Allow Attackers to Trigger Unwanted Actions

CVE-2024-2233

4.3MEDIUM

Key Information

Vendor: Himer
Status: Himer
Vendor: CVE Published:; 3 July 2024

Summary

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group

Affected Version(s)

Himer < 2.1.1

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Jul 3, 2024
Vulnerability Reserved.
Mar 6, 2024

Collectors

NVD DatabaseMitre Database

Credit

Sushmita Poudel

WPScan