Cross-Site Request Forgery Vulnerability in Codebard Help Desk
CVE-2024-56222
5.4 MEDIUM
Key Information:
- Vendor: Codebard
- Status
- Codebard Help Desk
- Vendor
- CVE Published: 31 December 2024
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Codebard Help Desk plugin, allowing attackers to perform unauthorized actions on behalf of authenticated users without their consent. The flaw affects all versions of the plugin from its initial release up to and including 1.1.1. It can be exploited if users are tricked into clicking malicious links while authenticated, compromising the integrity of user actions and leading to potential data breaches.
Affected Version(s)
CodeBard Help Desk <= 1.1.1
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
hunter85 (Patchstack Alliance)