CVE-2024-47315

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Sep 25, 2024
Updated: Sep 30, 2024
CWE ID: 352

Summary

CVE-2024-47315 is a Cross-Site Request Forgery (CSRF) vulnerability in the GiveWP plugin, affecting versions prior to 3.15.1. An attacker does not need elevated privileges to exploit it, but user interaction is required. The issue is rated medium severity, with an exploitability score of 2.8. Successful exploitation could result in unauthorized actions being performed on behalf of users, which could lead to data manipulation or financial loss for organizations using the affected plugin. To remediate this issue, update the GiveWP plugin to version 3.15.1 or later, which addresses the flaw. Because user interaction is required for exploitation, the risk level remains moderate, but it still warrants prompt attention from system administrators.
