CVE-2024-43338
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Nov 19, 2024
CWE ID 352
Summary
CVE-2024-43338: A Cross-Site Request Forgery (CSRF) vulnerability has been discovered in Automattic, Inc.'s Crowdsignal Dashboard. This issue enables unauthorized users to submit malicious requests on behalf of other users who are currently logged into the dashboard. The flaw affects Crowdsignal Dashboard versions from n/a to 3.1.2. Successful exploitation could lead to unintended actions, such as modifying or deleting polls or surveys. Users are advised to update to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share