Unprotected CSRF Vulnerability in Visual Sound WordPress Plugin
CVE-2024-8047
6.5 MEDIUM
Summary
The Visual Sound plugin for WordPress, up to version 1.06, is vulnerable to Cross-Site Request Forgery (CSRF). The settings update process lacks adequate CSRF checks, so an attacker can use malicious requests to manipulate an authenticated administrator's settings without their consent. This vulnerability underscores the importance of CSRF protection in guarding against unauthorized modifications and maintaining the integrity of WordPress sites.
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published