CSRF Vulnerability in WpEvently by Magepeople Inc.
CVE-2024-32110
4.3MEDIUM
What is CVE-2024-32110?
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Magepeople Inc.'s WpEvently, allowing attackers to perform unauthorized actions on behalf of authenticated users without their consent. This issue affects all versions from n/a through 4.1.2, posing a significant risk to websites utilizing this plugin. Website administrators are advised to review and implement necessary security measures to mitigate this risk.
Affected Version(s)
WpEvently <= 4.1.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dhabaleshwar Das | Patchstack Bug Bounty Program