CVE-2024-32105

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Apr 11, 2024

Updated: Apr 12, 2024

CWE ID 352

Summary

CVE-2024-32105 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the ELEX WooCommerce Dynamic Pricing and Discounts plugin. This issue allows an attacker to manipulate user actions on a website, making unintended changes or taking control of the user's account. The vulnerability impacts users running versions from n/a through 2.1.2 of the plugin. To mitigate this risk, it is strongly recommended that affected users update to the latest, secure version of the plugin as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vU0Ruh
https://www.cve.org/CVERecord?id=CVE-2024-32105
https://nvd.nist.gov/vuln/detail/CVE-2024-32105

Back to Vulnerability Database

CVE-2024-32105

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations