WordPress I Plant A Tree plugin <= 1.7.3 - CSRF to Stored Cross-Site Scripting vulnerability
CVE-2024-54331

7.1HIGH

Key Information:

Vendor: WordPress
Status: I Plant A Tree
Vendor: CVE Published:; 16 December 2024

What is CVE-2024-54331?

The I Plant A Tree plugin by Micha is exposed to a Cross-Site Request Forgery (CSRF) vulnerability that leads to Stored XSS. This security issue allows attackers to craft malicious requests, potentially enabling unauthorized actions on behalf of authenticated users. If exploited, this vulnerability can compromise user data integrity, making it imperative for users of the plugin, specifically versions up to 1.7.3, to apply necessary security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

I Plant A Tree <= 1.7.3

References

https://patchstack.com/database/wordpress/plugin/i-plant-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

SOPROBRO (Patchstack Alliance)

JSON

WordPress