How severe is CVE-2024-11118?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-11118?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-11118 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The 404 Error Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the updatePluginSettings() function. This makes it possible for unauthenticated attackers to make changes to plugin settings and clear up all the error logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Related Vulnerabilities

CVE-2013-6365

MEDIUM

CVSS:5.3(Medium)

Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions

CWE-3522013

CVE-2018-10099

MEDIUM

CVSS:5.3(Medium)

Google Monorail before 2018-04-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with duplicated columns...

CWE-3522018

CVE-2018-19334

MEDIUM

CVSS:5.3(Medium)

Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported axi...

CWE-3522018

CVE-2018-19335

MEDIUM

CVSS:5.3(Medium)

Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby ...

CWE-3522018

CVE-2019-1003017

MEDIUM

CVSS:5.3(Medium)

A data modification vulnerability exists in Jenkins Job Import Plugin 3.0 and earlier in JobImportAction.java that allows attackers to copy jobs from a preconfigured other Jenkins instance, potentiall...

CWE-3522019

CVE-2019-19375

MEDIUM

CVSS:5.3(Medium)

In Octopus Deploy before 2019.10.7, in a configuration where SSL offloading is enabled, the CSRF cookie was sometimes sent without the secure attribute. (The fix for this was backported to LTS version...

CWE-3522019