CVE-2024-5808

{"id": "CVE-2024-5808", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-07-30T06:15:03.070", "references": [{"url": "https://wpscan.com/vulnerability/1783bbce-3cc3-4a7e-a491-b713cee8278b/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/1783bbce-3cc3-4a7e-a491-b713cee8278b/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack"}, {"lang": "es", "value": " El complemento de WordPress WP Ajax Contact Form hasta la versi\u00f3n 2.2.2 no tiene activada la verificaci\u00f3n CSRF al eliminar correos electr\u00f3nicos de la lista de correo electr\u00f3nico, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n realice dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."}], "lastModified": "2025-05-28T00:49:06.347", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:masdiblogs:wp_ajax_contact_form:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "06F5E471-517C-49CA-9F13-AA736C4BC7C8", "versionEndIncluding": "2.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}