CVE-2024-13695

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 25, 2025

Updated: Feb 28, 2025

CWE ID 918

Summary

CVE-2024-13695 is a Server-Side Request Forgery vulnerability affecting the Enfold theme for WordPress. Versions up to and including 6.0.9 are vulnerable. This issue enables authenticated attackers, with Subscriber-level access and above, to manipulate web requests originating from the application. Consequently, attackers can access and modify information from internal services, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Kriesi

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2u5W0t
https://www.cve.org/CVERecord?id=CVE-2024-13695
https://nvd.nist.gov/vuln/detail/CVE-2024-13695

Back to Vulnerability Database

CVE-2024-13695

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations