CVE-2024-31938

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 15, 2024

CWE ID 352

Summary

CVE-2024-31938 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Themeinwp NewsXpress theme, specifically versions from n/a through 1.0.7. A successful exploit of this issue would allow an attacker to trick a user into performing unintended actions on a web application, such as making unauthorized changes, by forcing the user to unknowingly send malicious requests. This poses a significant risk to website administrators and users using the affected theme.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vUxom2
https://www.cve.org/CVERecord?id=CVE-2024-31938
https://nvd.nist.gov/vuln/detail/CVE-2024-31938

Back to Vulnerability Database

CVE-2024-31938

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations