CVE-2024-47634

Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:majas-lapu-izstrade:cartbounty:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-10-20 11:15

Updated : 2024-10-22 18:46

NVD link : CVE-2024-47634

Mitre link : CVE-2024-47634

CVE.ORG link : CVE-2024-47634

JSON object : View

Products Affected

majas-lapu-izstrade

cartbounty

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2024-47634", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-20T11:15:02.217", "references": [{"url": "https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2."}, {"lang": "es", "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce permite Cross-Site Request Forgery. Este problema afecta a CartBounty \u2013 Guardar y recuperar carritos abandonados para WooCommerce: desde n/a hasta 8.2."}], "lastModified": "2024-10-22T18:46:02.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:majas-lapu-izstrade:cartbounty:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "53D63AC8-FD00-4523-9FAD-533AB0854E02", "versionEndExcluding": "8.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}