CVE-2024-38778

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 2, 2025

CWE ID 352

Summary

CVE-2024-38778 denotes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Epsiloncool WP Fast Total Search. Affecting versions from n/a to 1.69.234, this issue allows an attacker to force unintended actions from a user, who is currently authenticated to a web application, by tricking them into making a maliciously crafted request. The vulnerability jeopardizes potential data modification and unauthorized access to sensitive information within the affected WordPress plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wjPzHv
https://www.cve.org/CVERecord?id=CVE-2024-38778
https://nvd.nist.gov/vuln/detail/CVE-2024-38778

Back to Vulnerability Database

CVE-2024-38778

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations