CVE-2024-38691
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Jan 2, 2025
CWE ID 352
Summary
CVE-2024-38691 is a Cross-Site Request Forgery (CSRF) vulnerability in Metorik's "Metorik – Reports & Email Automation" plugin for WooCommerce. Under certain conditions, it permits malicious actors to execute unauthorized actions on WooCommerce sites that use the Metorik plugin. The vulnerability affects the plugin from its initial release up to version 1.7.1. Implementing adequate CSRF protection measures is crucial for preventing potential exploitation.