Cross-Site Request Forgery Vulnerability in MBE eShip by MBE Worldwide
CVE-2024-38729

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Mbe Eship
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-38729?

A Cross-Site Request Forgery (CSRF) vulnerability exists in MBE eShip, a product developed by MBE Worldwide S.p.A. This vulnerability allows an attacker to send unauthorized commands on behalf of a user, potentially compromising sensitive data. The affected versions include all before 2.1.2, making it crucial for users to apply necessary updates to mitigate risks associated with this security flaw.

Affected Version(s)

MBE eShip <= 2.1.2

References

https://patchstack.com/database/wordpress/plugin/mail-box...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jun 19, 2024

Credit

Joshua Chan (Patchstack Alliance)

WordPress

What is CVE-2024-38729?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit