CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12005

The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wp_bibtex_option_page() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 3.5%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2024-12005

Infinitescript » Wp-Bibtex » Version: N/A

cpe:2.3:a:infinitescript:wp-bibtex:-
Infinitescript » Wp-Bibtex » Version: 1.0.0

cpe:2.3:a:infinitescript:wp-bibtex:1.0.0
Infinitescript » Wp-Bibtex » Version: 1.1.0

cpe:2.3:a:infinitescript:wp-bibtex:1.1.0
Infinitescript » Wp-Bibtex » Version: 2.0.0

cpe:2.3:a:infinitescript:wp-bibtex:2.0.0
Infinitescript » Wp-Bibtex » Version: 2.0.1

cpe:2.3:a:infinitescript:wp-bibtex:2.0.1
Infinitescript » Wp-Bibtex » Version: 2.1.0

cpe:2.3:a:infinitescript:wp-bibtex:2.1.0
Infinitescript » Wp-Bibtex » Version: 2.2.0

cpe:2.3:a:infinitescript:wp-bibtex:2.2.0
Infinitescript » Wp-Bibtex » Version: 2.2.1

cpe:2.3:a:infinitescript:wp-bibtex:2.2.1
Infinitescript » Wp-Bibtex » Version: 2.2.2

cpe:2.3:a:infinitescript:wp-bibtex:2.2.2
Infinitescript » Wp-Bibtex » Version: 2.2.3

cpe:2.3:a:infinitescript:wp-bibtex:2.2.3
Infinitescript » Wp-Bibtex » Version: 2.2.4

cpe:2.3:a:infinitescript:wp-bibtex:2.2.4
Infinitescript » Wp-Bibtex » Version: 2.2.5

cpe:2.3:a:infinitescript:wp-bibtex:2.2.5
Infinitescript » Wp-Bibtex » Version: 2.2.6

cpe:2.3:a:infinitescript:wp-bibtex:2.2.6
Infinitescript » Wp-Bibtex » Version: 2.2.7

cpe:2.3:a:infinitescript:wp-bibtex:2.2.7
Infinitescript » Wp-Bibtex » Version: 3.0.0

cpe:2.3:a:infinitescript:wp-bibtex:3.0.0
Infinitescript » Wp-Bibtex » Version: 3.0.1

cpe:2.3:a:infinitescript:wp-bibtex:3.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-12005

Products

Pricing

Contact Us