June 27, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Newly Uncovered OpenSSH Vulnerability Poses Remote Code Execution Risk – Active IOCs
July 11, 2024
ICS: Multiple Johnson Controls Software House C Cure Vulnerabilities
July 11, 2024
Newly Uncovered OpenSSH Vulnerability Poses Remote Code Execution Risk – Active IOCs
July 11, 2024
ICS: Multiple Johnson Controls Software House C Cure Vulnerabilities
July 11, 2024
Severity
High
Analysis Summary
CVE-2024-5767 CVSS:8.8
Sitetweet WordPress plugin is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2024-37118 CVSS:5.4
Uncanny Automator Pro Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-5767
- CVE-2024-37118
Affected Vendors
WordPress
Affected Products
- Sitetweet Plugin for WordPress 0.2
- Uncanny Automator Pro Plugin for WordPress
Remediation
Upgrade to the latest version of Plugins, available from the WordPress Plugin Directory.