CVE-2024-31386

Summary

Cross-Site Request Forgery (CSRF) vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet Gridsby, TT Themes HappenStance, Marsian i-excel, Out the Box Panoramic, Modernthemesnet Sensible WP.This issue affects X-T9: from n/a through 1.19.0; Lightning: from n/a through 15.18.0; Default Mag: from n/a through 1.3.5; Namaha: from n/a through 1.0.40; CityLogic: from n/a through 1.1.29; i-max: from n/a through 1.6.2; Emmet Lite: from n/a through 1.7.5; Decode: from n/a through 3.15.3; Sliding Door: from n/a through 3.3; Shopstar!: from n/a through 1.1.33; Gridsby: from n/a through 1.3.0; HappenStance: from n/a through 3.0.1; i-excel: from n/a through 1.7.9; Panoramic: from n/a through 1.1.56; Sensible WP: from n/a through 1.3.1.

Affected Software

VendorProductVersion RangeStatus
Hidekazu IshikawaX-T9n/a <= 1.19.0affected
Hidekazu IshikawaLightningn/a <= 15.18.0affected
themeinwpDefault Magn/a <= 1.3.5affected
Out the BoxNamahan/a <= 1.0.40affected
Out the BoxCityLogicn/a <= 1.1.29affected
Marsiani-maxn/a <= 1.6.2affected
JetmonstersEmmet Liten/a <= 1.7.5affected
Macho ThemesDecoden/a <= 3.15.3affected
WayneconnorSliding Doorn/a <= 3.3affected
Out the BoxShopstar!n/a <= 1.1.33affected
ModernthemesnetGridsbyn/a <= 1.3.0affected
TT ThemesHappenStancen/a <= 3.0.1affected
Marsiani-exceln/a <= 1.7.9affected
Out the BoxPanoramicn/a <= 1.1.56affected
ModernthemesnetSensible WPn/a <= 1.3.1affected

Weaknesses

  • CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References