CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-13523

The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.2%

CVSS Severity

CVSS v3 Score 6.1

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3232363%40memorialday%2Ftrunk&old=3207291%40memorialday%2Ftrunk&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/96cec16e-7bb3-4279-8c17-eca88d413ad8?source=cve

Products affected by CVE-2024-13523

Shenyanzhi » Memorialday » Version: Any

cpe:2.3:a:shenyanzhi:memorialday:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13523

Products

Pricing

Contact Us