CVE-2024-31386

MEDIUM

WordPress Themes - Cross-Site Request Forgery

Title source: manual
STIX 2.1

Description

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.

References (15)

Core 15
Core References

Scores

CVSS v3 4.3
EPSS 0.0037
EPSS Percentile 28.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (15)
Hidekazu Ishikawa/Lightning < 15.18.0
Hidekazu Ishikawa/X-T9 < 1.19.0
Jetmonsters/Emmet Lite < 1.7.5
Macho Themes/Decode < 3.15.3
Marsian/i-excel < 1.7.9
Marsian/i-max < 1.6.2
Modernthemesnet/Gridsby < 1.3.0
Modernthemesnet/Sensible WP < 1.3.1
Out the Box/CityLogic < 1.1.29
Out the Box/Namaha < 1.0.40
... and 5 more
Published Apr 10, 2024
Tracked Since Feb 18, 2026