CVE-2024-5028

MEDIUM

CM WordPress Search And Replace Plugin < 1.3.9 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

The CM WordPress Search And Replace Plugin WordPress plugin before 1.3.9 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/0bae8494-7b01-4203-a4f7-ccc60efbdda7/

Scores

CVSS v3 6.5
EPSS 0.0022
EPSS Percentile 13.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
cminds/cm_search_and_replace < 1.3.9
Published Jul 13, 2024
Tracked Since Feb 18, 2026