WordPress WP Flipkart Importer plugin <= 1.4 - CSRF to Stored XSS vulnerability
CVE-2024-54432

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Flipkart Importer
Vendor: CVE Published:; 16 December 2024

Summary

The vulnerability in WP Flipkart Importer, developed by Shambhu Prasad Patnaik, is a Cross-Site Request Forgery (CSRF) flaw that enables attackers to execute unauthorized actions on behalf of the user. This weakness can be exploited to inject malicious scripts, resulting in Stored Cross-Site Scripting (XSS). Affected users of versions below 1.4 are at risk, as this flaw allows for potential security breaches and compromise of sensitive data when interacting with the affected plugin.

Affected Version(s)

WP Flipkart Importer <= 1.4

References

https://patchstack.com/database/wordpress/plugin/wp-flipk...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 16, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

SOPROBRO (Patchstack Alliance)