CVE-2024-11673 MEDIUM

CVE-2024-11673: 1000 Projects Bookstore Management System cross-site request forgery

Vendor 1000 Projects

Product Bookstore Management System

Weakness CWE-352 · CSRF

Published November 25, 2024

Last update November 26, 2024

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

November 25, 2024 CVE published

November 26, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11673 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-39544 WordPress WP Tools plugin <= 5.18 - CSRF to Arbitrary File Deletion vulnerability CVE-2022-39268 orchest vulnerable to cross-site request forgery that allows control of a user instance CVE-2023-44998 WordPress Category Meta Plugin <= 1.2.8 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-54394 WordPress Mandrill WP plugin <= 1.0.5 - CSRF to Stored XSS vulnerability CVE-2026-39635 WordPress Grand Magazine theme <= 3.5.5 - Cross Site Request Forgery (CSRF) vulnerability