CVE-2024-4531: Business Card <= 1.0.0 - Card Edit via CSRF
First published: Mon May 27 2024(Updated: )
The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as editing cards via CSRF attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Business Card Block | <=1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-4531?
CVE-2024-4531 is considered a medium severity vulnerability due to the potential for CSRF attacks.
How do I fix CVE-2024-4531?
To fix CVE-2024-4531, upgrade the Business Card WordPress plugin to a version that includes CSRF protection.
What type of attack does CVE-2024-4531 allow?
CVE-2024-4531 allows attackers to perform CSRF attacks, leading to unwanted actions by logged-in users.
Which versions of the Business Card WordPress plugin are affected by CVE-2024-4531?
CVE-2024-4531 affects all versions of the Business Card WordPress plugin up to and including 1.0.0.
What actions could attackers perform due to CVE-2024-4531?
Attackers could manipulate logged-in users to edit or manage business cards without their consent due to CVE-2024-4531.
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/author
- agent/weakness
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/business card
- canonical/wordpress business card block