CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32085 – WordPress Citadela Listing plugin < 5.20.0 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32085
Cross-Site Request Forgery (CSRF) vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a before 5.20.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AitThemes Citadela Listing. Este problema afecta al listado de Citadela: desde n/a hasta 5.18.1. The Citadela Listing plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.18.1. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/citadela-directory/wordpress-citadela-listing-plugin-5-18-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32086 – WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32086
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AitThemes Citadela Listing.This issue affects Citadela Listing: from n/a through 5.18.1. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en AitThemes Citadela Listing. Este problema afecta el listado de Citadela: desde n/a hasta 5.18.1. The Citadela Directory plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.18.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/citadela-directory/wordpress-citadela-listing-plugin-5-18-1-unauthenticated-sensitive-data-users-posts-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •