The Business Card WordPress plugin through 1.0.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions such as deleting card categories via CSRF attacks

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Esterox
  • Business Card

Configuration 1 [-]

cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*

No data.

References
Link Providers
https://wpscan.com/vulnerability/082ff0b8-2ecd-4292-832d-0a79e1ba8cb3/ cve-icon cve-icon cve-icon
History

Thu, 01 May 2025 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Esterox
Esterox business Card
Weaknesses CWE-352
CPEs cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*
Vendors & Products Esterox
Esterox business Card
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2024-08-01T20:40:47.475Z

Reserved: 2024-05-05T15:50:05.103Z

Link: CVE-2024-4529

cve-icon Vulnrichment

Updated: 2024-08-01T20:40:47.475Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-27T06:15:09.840

Modified: 2025-05-01T14:13:21.970

Link: CVE-2024-4529

cve-icon Redhat

No data.