CVE-2024-4530

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-4530
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing card categories via CSRF attacks

6.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*
History

01 May 2025, 14:10

Type Values Removed Values Added
CPE cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*
First Time Esterox
Esterox business Card
References () https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ - () https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ - Exploit, Third Party Advisory
CWE CWE-352

21 Nov 2024, 09:43

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ - () https://wpscan.com/vulnerability/952f6b5c-7728-4c87-8826-6b493f51a979/ -

31 Oct 2024, 15:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.3

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) El complemento Business Card WordPress hasta la versión 1.0.0 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los usuarios registrados realicen acciones no deseadas, como editar categorías de tarjetas mediante ataques CSRF.

27 May 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-27 06:15

Updated : 2025-05-01 14:10

NVD link : CVE-2024-4530

Mitre link : CVE-2024-4530

CVE.ORG link : CVE-2024-4530

JSON object : View

Products Affected

esterox

  • business_card
CWE
CWE-352

Cross-Site Request Forgery (CSRF)