WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2024-54331

7.1HIGH

Key Information:

Vendor: WordPress
Status: I Plant A Tree
Vendor: CVE Published:; 16 December 2024

Summary

The I Plant A Tree plugin by Micha is exposed to a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored XSS. This security issue allows attackers to craft malicious requests, potentially enabling unauthorized actions on behalf of authenticated users. If exploited, this vulnerability can compromise user data integrity, making it imperative for users of the plugin, specifically versions up to 1.7.3, to apply necessary security measures.

Affected Version(s)

I Plant A Tree <= 1.7.3

References

https://patchstack.com/database/wordpress/plugin/i-plant-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

SOPROBRO (Patchstack Alliance)