CVE-2024-4585 MEDIUM

CVE-2024-4585: DedeCMS member_type.php cross-site request forgery

Vendor N/A

Product DedeCMS

Weakness CWE-352 · CSRF

Published May 7, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/member_type.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263307. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

May 7, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-4585 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-47597 WordPress WP Podcasts Manager plugin <= 1.3 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-51487 Insufficient Validation in Catalog (Activation/Deactivation) in Ampache CVE-2024-34806 WordPress Clearfy Cache plugin <= 2.2.1 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-54703 WordPress Integrate Google Drive plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) vulnerability CVE-2025-26926 WordPress Booknetic plugin <= 4.0.9 - Cross Site Request Forgery (CSRF) vulnerability