Cross-Site Request Forgery Vulnerability in A WP Life Contact Form Widget
CVE-2024-48037

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Contact Form Widget
Vendor: CVE Published:; 17 October 2024

Summary

A vulnerability exists in the A WP Life Contact Form Widget that allows Cross-Site Request Forgery (CSRF) attacks. This flaw permits malicious actors to exploit logged-in users' sessions to perform unauthorized actions without their consent. The vulnerability impacts versions up to and including 1.4.2, compromising the integrity of user interactions with the contact form. Attackers can exploit this flaw to manipulate data or gain unauthorized access to sensitive information, making it crucial for users to implement appropriate security measures.

Affected Version(s)

Contact Form Widget <= 1.4.2

References

https://patchstack.com/database/vulnerability/new-contact...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 8, 2024

Credit

Abdi Pranata (Patchstack Alliance)