CVE-2024-38790

{"id": "CVE-2024-38790", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-02T12:15:23.763", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/smartsupp-live-chat/vulnerability/wordpress-smartsupp-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through 3.6."}], "lastModified": "2025-01-02T12:15:23.763", "sourceIdentifier": "audit@patchstack.com"}