CVE-2024-54386

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Dec 16, 2024

CWE ID 352

Summary

CVE-2024-54386 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Get Push Monkey LLC's Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart. Versions from n/a to 3.9 are susceptible to this issue. A successful exploit of this vulnerability allows an attacker to craft malicious requests that can be executed on behalf of a user without their knowledge or consent, potentially leading to unintended actions such as account takeover or data manipulation. Users are urged to update their software to the latest version to mitigate this security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1KJtM6
https://www.cve.org/CVERecord?id=CVE-2024-54386
https://nvd.nist.gov/vuln/detail/CVE-2024-54386

Back to Vulnerability Database

CVE-2024-54386

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations