CVE-2024-32101

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 15, 2024

CWE ID 352

Summary

CVE-2024-32101 denotes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Omnisend Email Marketing for WooCommerce. This weakness allows an attacker to manipulate an affected user's session unknowingly, leading to unauthorized actions, such as account takeover or data modification. The flaw impacts versions of the Email Marketing for WooCommerce plugin from n/a to 1.14.3, necessitating an immediate update for mitigation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vU1wVN
https://www.cve.org/CVERecord?id=CVE-2024-32101
https://nvd.nist.gov/vuln/detail/CVE-2024-32101

Back to Vulnerability Database

CVE-2024-32101

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations