{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-54386", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-12-02T12:05:53.484Z", "datePublished": "2024-12-16T14:14:07.722Z", "dateUpdated": "2024-12-16T19:55:20.623Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-12-16T14:14:07.722Z"}, "title": "WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "affected": [{"vendor": "Get Push Monkey LLC", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "push-monkey-desktop-push-notifications", "product": "Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart", "versions": [{"lessThanOrEqual": "3.9", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.</p><p>This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/push-monkey-desktop-push-notifications/vulnerability/wordpress-push-monkey-pro-plugin-3-9-csrf-to-stored-xss-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseSeverity": "HIGH", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Muhamad Agil Fachrian (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-16T19:36:17.818471Z", "id": "CVE-2024-54386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-16T19:55:20.623Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-54386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-16T19:36:17.818471Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-16T19:36:20.647Z"}}], "cna": {"title": "WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Muhamad Agil Fachrian (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Get Push Monkey LLC", "product": "Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.9"}], "packageName": "push-monkey-desktop-push-notifications", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/push-monkey-desktop-push-notifications/vulnerability/wordpress-push-monkey-pro-plugin-3-9-csrf-to-stored-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.</p><p>This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-12-16T14:14:07.722Z"}}}, "cveMetadata": {"cveId": "CVE-2024-54386", "state": "PUBLISHED", "dateUpdated": "2024-12-16T19:55:20.623Z", "dateReserved": "2024-12-02T12:05:53.484Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-12-16T14:14:07.722Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro \u2013 Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9."}], "id": "CVE-2024-54386", "lastModified": "2024-12-16T15:15:12.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-12-16T15:15:12.837", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/push-monkey-desktop-push-notifications/vulnerability/wordpress-push-monkey-pro-plugin-3-9-csrf-to-stored-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}