CVE-2024-31379

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 15, 2024

CWE ID 352

Summary

CVE-2024-31379 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Smash Balloon's Social Post Feed plugin. The flaw, present in versions 4.2.1 and older, allows malicious actors to make unauthorized requests on behalf of a user, potentially leading to data manipulation or unintended actions within the affected WordPress site. This issue poses a significant risk to websites using the Smash Balloon Social Post Feed plugin and is advised to be addressed with an immediate upgrade to the latest patched version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vZd9bd
https://www.cve.org/CVERecord?id=CVE-2024-31379
https://nvd.nist.gov/vuln/detail/CVE-2024-31379

Back to Vulnerability Database

CVE-2024-31379

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations