Wiz
Vulnerability DatabaseCVE-2024-1962

CVE-2024-1962
WordPress vulnerability analysis and mitigation

Overview

The CM Download Manager WordPress plugin before version 2.9.1 contains a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability was discovered and disclosed on March 4, 2024, and is tracked as CVE-2024-1962. The plugin lacks CSRF checks in certain functionality, affecting the download editing capabilities (WPScan).

Technical details

The vulnerability stems from missing CSRF protection mechanisms in specific areas of the plugin's functionality. This security flaw has been assigned a CVSS score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating its significant severity. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (WPScan).

Impact

If exploited, this vulnerability could allow attackers to trick authenticated administrators into performing unintended actions on the plugin's download management system. Specifically, attackers could manipulate administrators into editing downloads without their knowledge or consent through CSRF attacks (WPScan).

Mitigation and workarounds

The vulnerability has been patched in version 2.9.1 of the CM Download Manager plugin. Users are strongly advised to update to this version or later to protect against potential CSRF attacks (WPScan).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo