Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-5767 CVSS:8.8

The Sitetweet WordPress plugin is vulnerable to cross-site request forgery (CSRF), caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.

CVE-2024-37118 CVSS:5.4

The Uncanny Automator Pro plugin for WordPress is vulnerable to cross-site request forgery (CSRF), caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
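
An added example, not code from either affected plugin or from this advisory: a hypothetical WordPress settings handler shown first without CSRF protection and then with a capability check and nonce verification, the pattern to look for when reviewing plugin code for this class of flaw. All example_* names are assumptions; the functions called are WordPress core APIs.

```php
<?php
/**
 * Plugin Name: Example Settings (hypothetical, for illustration only)
 */
// All example_* names are hypothetical; the functions called are WordPress core APIs.

// VULNERABLE: state change with no nonce check. A request forged from another
// site arrives with the logged-in admin's cookies and is processed as theirs.
add_action( 'admin_post_example_save_unsafe', function () {
	update_option( 'example_message', $_POST['message'] ?? '' );
	wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
	exit;
} );

// HARDENED: capability check, then a nonce tied to this action and this user.
add_action( 'admin_post_example_save', function () {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}
	// Ends the request if the nonce field is missing or does not verify.
	check_admin_referer( 'example_save_settings', 'example_nonce' );

	$message = sanitize_text_field( wp_unslash( $_POST['message'] ?? '' ) );
	update_option( 'example_message', $message );
	wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
	exit;
} );

// Settings page whose form carries the nonce the hardened handler expects.
add_action( 'admin_menu', function () {
	add_options_page( 'Example Settings', 'Example Settings', 'manage_options',
		'example-settings', 'example_render_settings_form' );
} );

function example_render_settings_form() {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="example_save">
		<?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
		<input type="text" name="message"
			value="<?php echo esc_attr( get_option( 'example_message', '' ) ); ?>">
		<?php submit_button(); ?>
	</form>
	<?php
}
```
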

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-5767
  • CVE-2024-37118

Affected Vendors

WordPress

Affected Products

  • Sitetweet Plugin for WordPress 0.2
  • Uncanny Automator Pro Plugin for WordPress

Remediation

Upgrade to the latest versions of the affected plugins, available from the WordPress Plugin Directory.

CVE-2024-5767

CVE-2024-37118