CVE-2024-12282

MEDIUM

Smyx Wp-connect < 2.5.6 - CSRF

Title source: rule

Description

The WordPress连接微博 WordPress plugin through 2.5.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

References (1)

Scores

CVSS v3 6.1
EPSS 0.0006
EPSS Percentile 19.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-352
Status published

Affected Products (1)

smyx/wp-connect < 2.5.6

Timeline

Published May 15, 2025
Tracked Since Feb 18, 2026