CVE-2024-1755: NPS computy <= 2.7.5 - Results Deletion via CSRF
First published: Mon Apr 15 2024(Updated: )
The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Computy NPS | <=2.7.5 | |
| Computy NPS | <=2.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-1755?
CVE-2024-1755 is considered a medium severity vulnerability due to its potential for CSRF attacks.
How do I fix CVE-2024-1755?
To fix CVE-2024-1755, update the NPS computy WordPress plugin to version 2.7.6 or later, which includes the necessary CSRF checks.
What are the risks associated with CVE-2024-1755?
The risks of CVE-2024-1755 include unauthorized actions being performed on behalf of logged-in users, potentially compromising their accounts.
Which versions of the NPS computy plugin are affected by CVE-2024-1755?
Versions of the NPS computy plugin up to and including 2.7.5 are affected by CVE-2024-1755.
How can attackers exploit CVE-2024-1755?
Attackers can exploit CVE-2024-1755 by tricking logged-in users into performing unwanted actions through CSRF attacks.
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/event
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- vendor/computy
- canonical/computy nps
- version/computy nps/2.7.5
- vendor/nps