July 4, 2024
Severity
High
Analysis Summary
CVE-2024-38345 CVSS:4.3
Sola Testimonials/Super Testimonials Plugin for WordPress is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2022-44633 CVSS:6.5
YITH WooCommerce Gift Cards Premium plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
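For plugin reviewers, the two weakness classes described above (cross-site request forgery and missing authorization) correspond to a missing nonce check and a missing capability check on a state-changing handler. The code below is an added example, not code from either affected plugin; every `example_*` function, action and option name is hypothetical.

```php
<?php
// Added illustration. Hook, action and option names are hypothetical and
// are not taken from either affected plugin.

// Form side: embed a per-user, per-action nonce in the settings form.
function example_render_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_settings">';
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    echo '<input type="text" name="example_title">';
    submit_button();
    echo '</form>';
}

// Weak handler (shown for contrast, never registered): it accepts any POST
// sent by a logged-in user's browser, so a cross-site form submission is
// honoured (CSRF), and it requires no capability (missing authorization).
function example_save_settings_weak() {
    $title = sanitize_text_field( wp_unslash( $_POST['example_title'] ?? '' ) );
    update_option( 'example_title', $title );
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// Hardened handler: authorization first, then the request-origin check.
function example_save_settings() {
    // Authorization: only users who may manage options can change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
    }
    // CSRF: check_admin_referer() stops the request unless the nonce is
    // valid for this user and this action.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    $title = sanitize_text_field( wp_unslash( $_POST['example_title'] ?? '' ) );
    update_option( 'example_title', $title );
    wp_safe_redirect( admin_url( 'options-general.php?updated=1' ) );
    exit;
}

// Register only the hardened handler. There is deliberately no
// admin_post_nopriv_ hook, so unauthenticated requests never reach it.
add_action( 'admin_post_example_save_settings', 'example_save_settings' );
```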
Impact
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-38345
- CVE-2022-44633
Affected Vendors
Affected Products
- Sola Testimonials/Super Testimonials Plugin for WordPress 3.0.0
- YITH WooCommerce Gift Cards Premium plugin for WordPress 3.23.1
Remediation
Upgrade to the latest version of the affected plugin, available from the WordPress Plugin Directory.