CVE-2024-43275

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 15, 2024

CWE ID 352

Summary

CVE-2024-43275 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Insert PHP Code Snippet feature in Xyzscripts. This issue allows malicious actors to manipulate the actions of an unsuspecting user, potentially leading to unauthorized changes or data theft. The vulnerability exists from version n/a to 1.3.6 of Insert PHP Code Snippet. Users are urged to update to a patched version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Insert PHP Code Snippet Plugin

Affected Vendors

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xnnN_l
https://www.cve.org/CVERecord?id=CVE-2024-43275
https://nvd.nist.gov/vuln/detail/CVE-2024-43275

Back to Vulnerability Database