CVE-2024-3756

{"id": "CVE-2024-3756", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-05-06T06:15:07.197", "references": [{"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack"}, {"lang": "es", "value": "El complemento MF Gig Calendar de WordPress hasta la versi\u00f3n 1.2.1 no tiene comprobaciones CSRF en algunos lugares, lo que podr\u00eda permitir a los atacantes hacer que los Colaboradores registrados y superiores eliminen eventos arbitrarios mediante un ataque CSRF."}], "lastModified": "2025-04-18T12:54:00.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mf_gig_calendar_project:mf_gig_calendar:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9A95FA02-9E77-43CF-8A55-E9C907928ED7", "versionEndIncluding": "1.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}