CVE-2024-6857

{"id": "CVE-2024-6857", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-04-09T06:15:39.347", "references": [{"url": "https://wpscan.com/vulnerability/97636602-2dd0-465b-b6dc-acb42147edb3/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack"}, {"lang": "es", "value": "El complemento WP MultiTasking para WordPress hasta la versi\u00f3n 0.1.12 no tiene verificaci\u00f3n CSRF al actualizar las configuraciones de script de encabezado, pie de p\u00e1gina y cuerpo, lo que podr\u00eda permitir a los atacantes hacer que los administradores registrados realicen dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."}], "lastModified": "2025-04-22T17:25:10.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ngothang:wp_multitasking:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E7B870E4-8199-46B0-95CD-11735A373DE4", "versionEndIncluding": "0.1.12"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}