CVE-2024-10892

Published Dec 18, 2024

Last updated 2 months ago

CVSS medium 5.4

Overview

Description
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks.
Source
contact@wpscan.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10892 (Published: 2024-12-18) - A medium severity vulnerability in the WordPress Plugin nan affects multiple versions. 🛠️ Ensure your site is secure by updating to the latest version. For more details, visit: https://t.co/AnE00cfpvw #WordPress #Security

    @transilienceai

    19 Dec 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10892 (Published: 2024-12-18) - A medium severity vulnerability in the WordPress Plugin nan affects multiple versions. 🛠️ To protect your site, ensure you update to the latest version immediately. For more details, visit: https://t.co/AnE00cfpvw #WordPress #Security

    @transilienceai

    19 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔒 CVE-2024-10892 (Published: 2024-12-18) - A medium severity vulnerability in the WordPress Plugin nan affects multiple versions. To protect your site, ensure you update to the latest version immediately. For more details, visit: https://t.co/AnE00cfpvw #WordPress #Security

    @transilienceai

    19 Dec 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔒 CVE-2024-10892 (Published: 2024-12-18) - A medium-severity vulnerability in the WordPress Plugin nan affects multiple versions. To protect your site, ensure you update to the latest version immediately. Stay secure! More info: https://t.co/AnE00cfpvw #WordPress #Security

    @transilienceai

    19 Dec 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-10892 CSRF Vulnerability in Cost Calculator Builder WordPress Plugin Exploited The Cost Calculator Builder WordPress plugin, in versions before 3.2.43, has a missing CSRF check problem in some of its AJA... https://t.co/k0ioBkBKyk

    @VulmonFeeds

    18 Dec 2024

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References