CSRF Vulnerability in WPMU DEV Hummingbird (N/A - 3.9.1)
CVE-2024-43117

8.8HIGH

Key Information:

Vendor: WordPress
Status: Hummingbird
Vendor: CVE Published:; 26 August 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPMU DEV Hummingbird Plugin, specifically affecting versions up to and including 3.9.1. This vulnerability could allow attackers to perform unauthorized actions on behalf of users without their consent, thereby compromising the security of WordPress installations utilizing this plugin. It is crucial for administrators to address this vulnerability promptly to prevent potential exploitation.

Affected Version(s)

Hummingbird <= 3.9.1

References

https://patchstack.com/database/vulnerability/hummingbird...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2024

Credit

Rafie Muhammad (Patchstack)