CVE-2024-31939
WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3.
Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Soflyy Importe cualquier archivo XML o CSV a WordPress. Este problema afecta la importaciĆ³n de cualquier archivo XML o CSV a WordPress: desde n/a hasta 3.7.3.
The Import any XML or CSV File to WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.7.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to dismiss notices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-07 CVE Reserved
- 2024-04-10 CVE Published
- 2024-04-11 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wp All Import Search vendor "Wp All Import" | Wp All Import Search vendor "Wp All Import" for product "Wp All Import" | >= 0.0.0 <= 3.7.3 Search vendor "Wp All Import" for product "Wp All Import" and version " >= 0.0.0 <= 3.7.3" | en |
Affected
| ||||||