CVE-2024-3756

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-3756

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3756.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-3756

Aliases

Published

2024-05-06T06:15:07.197Z

Modified

2026-03-14T12:34:24.970138Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack

References

https://wpscan.com/vulnerability/b28d0dca-2df1-4925-be81-dd9c46859c38/

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3756.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.2.1"
            }
        ]
    }
]