Description

The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Related CPE's

a

e4jconnect

vikrentcar

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2024-07-11T06:15:02.613

3 months ago

Last modified

2024-08-01T13:46:13.657

2 months ago