CVE-2024-32699
WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0.
Vulnerabilidad de Cross-Site Request Forgery (CSRF) en YITH YITH WooCommerce Compare. Este problema afecta a YITH WooCommerce Compare: desde n/a hasta 2.37.0.
The YITH WooCommerce Compare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.37.0. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to add/remove things from a product compare via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is marked as informational as there is no true security impact.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-17 CVE Reserved
- 2024-04-22 CVE Published
- 2024-04-25 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Yith Woocommerce Compare Search vendor "Yith Woocommerce Compare" | Yith Woocommerce Compare Search vendor "Yith Woocommerce Compare" for product "Yith Woocommerce Compare" | >= 0.0.0 <= 2.37.0 Search vendor "Yith Woocommerce Compare" for product "Yith Woocommerce Compare" and version " >= 0.0.0 <= 2.37.0" | en |
Affected
| ||||||