cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8477,https://securityvulnerability.io/vulnerability/CVE-2024-8477,Cross-Site Request Forgery Vulnerability Affects Brevo Plugin for WordPress,"The Brevo Newsletter, SMTP, Email marketing, and Subscribe forms plugin for WordPress contains a vulnerability that allows for Cross-Site Request Forgery (CSRF) due to inadequate nonce validation within the Init() function. This security flaw enables unauthenticated attackers to potentially force a logged-in site administrator to log out of a Brevo connection by tricking them into performing an unintended action, such as clicking on a malicious link. This vulnerability affects all plugin versions up to and including 3.1.87, emphasizing the need for website administrators using this plugin to ensure they are operating on the latest version and implementing additional security measures.",Wordpress,"Newsletter, Smtp, Email Marketing And Subscribe Forms By Brevo (formely Sendinblue)",4.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-10T02:06:12.095Z,0