CVE-2024-24849
WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.
Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Mark Stockton Quicksand Post Filter jQuery Plugin. Este problema afecta a Quicksand Post Filter jQuery Plugin: desde n/a hasta 3.1.1.
The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'renderAdmin' function. This makes it possible for unauthenticated attackers to update arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-31 CVE Reserved
- 2024-02-02 CVE Published
- 2024-02-21 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Quicksand Jquery Post Filter Search vendor "Quicksand Jquery Post Filter" | Quicksand Jquery Post Filter Search vendor "Quicksand Jquery Post Filter" for product "Quicksand Jquery Post Filter" | >= 0.0.0 <= 3.1.1 Search vendor "Quicksand Jquery Post Filter" for product "Quicksand Jquery Post Filter" and version " >= 0.0.0 <= 3.1.1" | en |
Affected
| ||||||