CVE-2024-8094 - Vulnerability Details - OpenCVE

The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Ionutstaicu	Ntz Atispam

Configuration 1 [-]

cpe:2.3:a:ionutstaicu:ntz_atispam:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/

History

Tue, 27 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ionutstaicu Ionutstaicu ntz Atispam
Weaknesses		CWE-352
CPEs		cpe:2.3:a:ionutstaicu:ntz_atispam::::::wordpress::*
Vendors & Products		Ionutstaicu Ionutstaicu ntz Atispam

Tue, 20 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 15 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Description		The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Title		Ntz Antispam <= 2.0e - Settings Update via CSRF
References		https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-05-15T20:07:13.771Z

Updated: 2025-05-20T19:20:01.105Z

Reserved: 2024-08-22T13:47:58.717Z

Link: CVE-2024-8094

Vulnrichment

Updated: 2025-05-19T20:24:41.430Z

NVD

Status : Analyzed

Published: 2025-05-15T20:15:57.843

Modified: 2025-05-27T19:58:28.090

Link: CVE-2024-8094

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8094", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-08-22T13:47:58.717Z", "datePublished": "2025-05-15T20:07:13.771Z", "dateUpdated": "2025-05-20T19:20:01.105Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-05-15T20:07:13.771Z"}, "title": "Ntz Antispam <= 2.0e - Settings Update via CSRF", "problemTypes": [{"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Ntz Antispam", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "2.0e"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"}], "references": [{"url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Daniel Ruf", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"references": [{"url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-20T18:38:48.618607Z", "id": "CVE-2024-8094", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-20T19:20:01.105Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-8094", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-20T18:38:48.618607Z"}}}], "references": [{"url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-19T20:24:41.430Z"}}], "cna": {"title": "Ntz Antispam <= 2.0e - Settings Update via CSRF", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Daniel Ruf"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Ntz Antispam", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0e"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-05-15T20:07:13.771Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8094", "state": "PUBLISHED", "dateUpdated": "2025-05-20T19:20:01.105Z", "dateReserved": "2024-08-22T13:47:58.717Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-05-15T20:07:13.771Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ionutstaicu:ntz_atispam:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "74A5F15E-1DD2-4FDA-999F-F40C7B7C607E", "versionEndIncluding": "2.0e", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Ntz Antispam WordPress plugin through 2.0e does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack"}, {"lang": "es", "value": "El complemento Ntz Antispam de WordPress hasta la versi\u00f3n 2.0e no tiene una verificaci\u00f3n CSRF activada al actualizar sus configuraciones, lo que podr\u00eda permitir a los atacantes hacer que un administrador que haya iniciado sesi\u00f3n las cambie mediante un ataque CSRF."}], "id": "CVE-2024-8094", "lastModified": "2025-05-27T19:58:28.090", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-15T20:15:57.843", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/cacfde9e-c6fa-4918-8e59-461b67b5e979/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}