CVE-2024-2262

{"id": "CVE-2024-2262", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-04-01T05:15:07.937", "references": [{"url": "https://wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/30544377-b90d-4762-b38a-ec89bda0dfdc/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs"}, {"lang": "es", "value": "El complemento Themify de WordPress anterior a 1.4.4 no tiene verificaci\u00f3n CSRF en su acci\u00f3n masiva, lo que podr\u00eda permitir a los atacantes hacer que los usuarios registrados eliminen filtros arbitrarios mediante un ataque CSRF, siempre que conozcan los filtros relacionados."}], "lastModified": "2025-05-13T01:01:40.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "1DC8F8B2-7FAB-49EE-BCD2-1B16D4B2EBF0", "versionEndExcluding": "1.4.4"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}