CVE-2024-4100

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
NVD-CWE-Other
View all →

Vulnerability Description

The Pricing Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the ajax() function. This makes it possible for unauthenticated attackers to perform a variety of actions related to managing pricing tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Related Vulnerabilities

CVE-2001-1533

MEDIUM
CVSS:5.3(Medium)

Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying ...

NVD-CWE-Other2001

CVE-2013-7446

MEDIUM
CVSS:5.3(Medium)

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted ep...

NVD-CWE-Other2013

CVE-2014-5278

MEDIUM
CVSS:5.3(Medium)

A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.

NVD-CWE-Other2014

CVE-2015-7279

MEDIUM
CVSS:5.3(Medium)

Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by...

NVD-CWE-Other2015

CVE-2015-8287

MEDIUM
CVSS:5.3(Medium)

Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL.

NVD-CWE-Other2015