CVE-2024-6244

HIGH

PZ Frontend Manager <1.0.6 - CSRF

Title source: llm

Description

The PZ Frontend Manager WordPress plugin before 1.0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Exploits (3)

nomisec WORKING POC

by Nxploited · poc

https://github.com/Nxploited/CVE-2024-6244

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-6244

View Code ZIP pw:eip

exploitdb WORKING POC

by Vuln Seeker Cybersecurity Team · webappsphp

https://www.exploit-db.com/exploits/52153

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/73ba55a5-6cff-40fc-9686-30c50f060732/

Scores

CVSS v3 8.8

EPSS 0.1129

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-352

Status published

Affected Products (1)

projectzealous/pz_frontend_manager < 1.0.6

Timeline

Published Jul 22, 2024

Tracked Since Feb 18, 2026