CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-10040

The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the process_ajax_edit and process_ajax_delete function. This makes it possible for unauthenticated attackers to make changes to plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.8%

CVSS Severity

CVSS v3 Score 5.3

References

https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L252
https://plugins.trac.wordpress.org/browser/infinite-scroll/trunk/includes/presets.php#L275
https://www.wordfence.com/threat-intel/vulnerabilities/id/4045575a-35f0-46e5-afb7-93eee9be3a97?source=cve

Products affected by CVE-2024-10040

Infinite-Scroll » Infinite-Scroll » Version: N/A

cpe:2.3:a:infinite-scroll:infinite-scroll:-
Infinite-Scroll » Infinite-Scroll » Version: 2.6.2

cpe:2.3:a:infinite-scroll:infinite-scroll:2.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10040

Products

Pricing

Contact Us