WordPress Tax Rate Upload plugin <= 2.4.5 - CSRF leading to Cross Site Scripting (XSS) vulnerability
CVE-2024-31105

7.1HIGH

Key Information:

Vendor: WordPress
Status: Tax Rate Upload
Vendor: CVE Published:; 2 April 2024

What is CVE-2024-31105?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Adam Bowen Tax Rate Upload plugin, allowing reflected cross-site scripting (XSS) attacks. This weakness affects all versions from an unspecified release up to 2.4.5. Exploiting this vulnerability can enable attackers to send unauthorized commands to the web application, leading to potential data breaches or other malicious actions. Website administrators using this plugin should assess their installations and implement necessary security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Tax Rate Upload <= 2.4.5

References

https://patchstack.com/database/vulnerability/tax-rate-up...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024

Credit

thiennv (Patchstack Alliance)