CSRF Vulnerability in Native Grid LLC's No-Code Page Builder
CVE-2024-24701

8.8 HIGH

Key Information:

Vendor: WordPress
CVE Published: 29 February 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in Native Grid LLC's page builder, impacting versions from an unspecified release to 2.1.20. This issue enables malicious actors to exploit user sessions and perform unauthorized actions on behalf of users without their consent. It poses a significant risk to the integrity of user data and the overall security of the application, emphasizing the need for prompt patching and mitigation strategies.

Affected Version(s)

A no-code page builder for beautiful performance-based content <= 2.1.20

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

emad (Patchstack Alliance)