2024-10-20 12:03:18 +00:00
{
"id" : "CVE-2024-47634" ,
"sourceIdentifier" : "audit@patchstack.com" ,
"published" : "2024-10-20T11:15:02.217" ,
2024-10-22 20:03:35 +00:00
"lastModified" : "2024-10-22T18:46:02.253" ,
"vulnStatus" : "Analyzed" ,
2024-10-20 12:03:18 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery.This issue affects CartBounty \u2013 Save and recover abandoned carts for WooCommerce: from n/a through 8.2."
2024-10-21 18:03:24 +00:00
} ,
{
"lang" : "es" ,
"value" : "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Streamline.Lv CartBounty \u2013 Save and recover abandoned carts for WooCommerce permite Cross-Site Request Forgery. Este problema afecta a CartBounty \u2013 Guardar y recuperar carritos abandonados para WooCommerce: desde n/a hasta 8.2."
2024-10-20 12:03:18 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-10-22 20:03:35 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "audit@patchstack.com" ,
"type" : "Secondary" ,
2024-10-22 20:03:35 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" ,
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2024-10-22 20:03:35 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
2024-12-08 03:06:42 +00:00
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "LOW"
2024-10-22 20:03:35 +00:00
} ,
"exploitabilityScore" : 3.9 ,
2024-12-08 03:06:42 +00:00
"impactScore" : 2.5
2024-10-22 20:03:35 +00:00
} ,
2024-10-20 12:03:18 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-10-20 12:03:18 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2024-10-20 12:03:18 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
2024-12-08 03:06:42 +00:00
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH"
2024-10-20 12:03:18 +00:00
} ,
"exploitabilityScore" : 3.9 ,
2024-12-08 03:06:42 +00:00
"impactScore" : 5.9
2024-10-20 12:03:18 +00:00
}
]
} ,
"weaknesses" : [
{
"source" : "audit@patchstack.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2024-10-20 12:03:18 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-352"
}
]
}
] ,
2024-10-22 20:03:35 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:majas-lapu-izstrade:cartbounty:*:*:*:*:*:wordpress:*:*" ,
"versionEndExcluding" : "8.2.1" ,
"matchCriteriaId" : "53D63AC8-FD00-4523-9FAD-533AB0854E02"
}
]
}
]
}
] ,
2024-10-20 12:03:18 +00:00
"references" : [
{
"url" : "https://patchstack.com/database/vulnerability/woo-save-abandoned-carts/wordpress-cartbounty-plugin-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" ,
2024-10-22 20:03:35 +00:00
"source" : "audit@patchstack.com" ,
"tags" : [
"Third Party Advisory"
]
2024-10-20 12:03:18 +00:00
}
]
}
