nvd-json-data-feeds/CVE-2024/CVE-2024-543xx/CVE-2024-54386.json

{
  "id": "CVE-2024-54386",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2024-12-16T15:15:12.837",
  "lastModified": "2024-12-16T15:15:12.837",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart permite Cross Site Request Forgery. Este problema afecta a Push Monkey Pro \u2013 Web Push Notifications y WooCommerce Abandoned Cart: desde n/a hasta 3.9."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "audit@patchstack.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://patchstack.com/database/wordpress/plugin/push-monkey-desktop-push-notifications/vulnerability/wordpress-push-monkey-pro-plugin-3-9-csrf-to-stored-xss-vulnerability?_s_id=cve",
      "source": "audit@patchstack.com"
    }
  ]
}