CVE-2024-47305

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 25, 2024

Updated: Sep 26, 2024

CWE ID 352

Summary

CVE-2024-47305 is a Cross-Site Request Forgery (CSRF) vulnerability found in the Use Any Font plugin, affecting versions up to 6.3.08. This vulnerability allows unauthorized commands to be transmitted from a user that the web application trusts, posing a medium risk due to its exploitability score of 2.8. Remediation involves updating the Use Any Font plugin to a version beyond 6.3.08 to mitigate potential security threats. The attack requires user interaction and has a low integrity impact, meaning attackers may alter content without compromising overall data confidentiality or availability. Organizations using this plugin should take action promptly to prevent potential exploitation through network-based attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database