Unprotected CSRF Vulnerability in WP-Cart for Digital Products
CVE-2024-6075

8.8 HIGH

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published: 15 July 2024

Summary

The wp-cart-for-digital-products plugin for WordPress, in versions before 8.5.5, is vulnerable to Cross-Site Request Forgery (CSRF) because some of its functionality lacks adequate CSRF checks. An attacker can abuse a logged-in user's session to perform unauthorized actions, undermining the integrity and security of the affected WordPress site. Users of this plugin should update to the latest version to mitigate the risk.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
