CVE-2024-2343 | Avada Plugin up to 7.11.6 on WordPress form_to_url_action server-side request forgery

Inserito da Angelo Barbosa | Mar 20, 2024 | CVE

A vulnerability was found in Avada Plugin up to 7.11.6 on WordPress and classified as critical. Affected by this issue is the function form_to_url_action. The manipulation leads to server-side request forgery.

This vulnerability is handled as CVE-2024-2343. The attack may be launched remotely. There is no exploit available.

CVE-2024-2343 | Avada Plugin up to 7.11.6 on WordPress form_to_url_action server-side request forgery

Post correlati

CVE-2024-11182 | MDaemon Email Server up to 24.5.1b HTML E-Mail Message HTML injection

CVE-2024-35667 | WP EasyCart Plugin up to 5.5.19 on WordPress authorization

CVE-2024-37311 | CollaboraOnline up to 22.05.23.0/23.05.14-0/24.04.4.2 coolwsd certificate validation (GHSA-hvhm-5c44-977x)

CVE-2024-8980 | Liferay Portal/DXP Script Console cross-site request forgery