CVE-2024-2322

{"id": "CVE-2024-2322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2024-04-03T05:15:47.920", "references": [{"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://wpscan.com/vulnerability/c740ed3b-d6b8-4afc-8c6b-a1ec37597055/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The WooCommerce Cart Abandonment Recovery WordPress plugin before 1.2.27 does not have CSRF check in its bulk actions, which could allow attackers to make logged in admins delete arbitrary email templates as well as delete and unsubscribe users from abandoned orders via CSRF attacks."}, {"lang": "es", "value": "El complemento WooCommerce Cart Abandonment Recovery de WordPress anterior a 1.2.27 no tiene verificaci\u00f3n CSRF en sus acciones masivas, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados eliminen plantillas de correo electr\u00f3nico arbitrarias, as\u00ed como eliminar y cancelar la suscripci\u00f3n de usuarios de pedidos abandonados a trav\u00e9s de ataques CSRF."}], "lastModified": "2025-04-07T14:19:35.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cartflows:woocommerce_cart_abandonment_recovery:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "360AB08A-D50D-451F-865C-63A17E1B3142", "versionEndExcluding": "1.2.27"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}