CVE-2024-30560 CRITICAL

CVE-2024-30560: WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability

Vendor 大侠Wp
Product DX-Watermark
Weakness CWE-352 · CSRF
Published April 25, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

9.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.

Key dates

02Disclosure timeline

April 25, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-25481 WordPress Podlove Subscribe button Plugin <= 1.3.7 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2023-45605 WordPress Feed Statistics Plugin <= 4.1 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2021-32929 Uffizio GPS Tracker Cross-site Request Forgery CVE-2022-1957 Comment License < 1.4.0 - Arbitrary Settings Update via CSRF CVE-2025-29766 Tuleap has missing CSRF protections on artifact submission & edition from the tracker view