CVE-2024-31238 - Vulnerability Details - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zaytech	Smart Online Order For Clover

Configuration 1 [-]

cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve

History

Mon, 10 Feb 2025 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zaytech Zaytech smart Online Order For Clover
CPEs		cpe:2.3:a:zaytech:smart_online_order_for_clover::::::wordpress::*
Vendors & Products		Zaytech Zaytech smart Online Order For Clover

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-12T13:00:26.659Z

Updated: 2024-08-08T18:43:43.127Z

Reserved: 2024-03-29T16:01:36.330Z

Link: CVE-2024-31238

Vulnrichment

Updated: 2024-08-02T01:46:04.938Z

NVD

Status : Analyzed

Published: 2024-04-12T13:15:15.730

Modified: 2025-02-10T19:11:09.237

Link: CVE-2024-31238

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31238", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:36.330Z", "datePublished": "2024-04-12T13:00:26.659Z", "dateUpdated": "2024-08-08T18:43:43.127Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "clover-online-orders", "product": "Smart Online Order for Clover", "vendor": "Zaytech", "versions": [{"changes": [{"at": "1.5.6", "status": "unaffected"}], "lessThanOrEqual": "1.5.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "thiennv (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.<p>This issue affects Smart Online Order for Clover: from n/a through 1.5.5.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-12T13:00:26.659Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.5.6 or a higher version."}], "value": "Update to 1.5.6 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-08T18:43:31.288107Z", "id": "CVE-2024-31238", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:43:43.127Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31238", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-29T16:01:36.330Z", "datePublished": "2024-04-12T13:00:26.659Z", "dateUpdated": "2024-08-08T18:43:43.127Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "clover-online-orders", "product": "Smart Online Order for Clover", "vendor": "Zaytech", "versions": [{"changes": [{"at": "1.5.6", "status": "unaffected"}], "lessThanOrEqual": "1.5.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "thiennv (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.<p>This issue affects Smart Online Order for Clover: from n/a through 1.5.5.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-12T13:00:26.659Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.5.6 or a higher version."}], "value": "Update to 1.5.6 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:46:04.938Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31238", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-08T18:43:31.288107Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T18:43:34.335Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zaytech:smart_online_order_for_clover:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "199C234F-37B9-492B-A209-ED1211A224DE", "versionEndExcluding": "1.5.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Zaytech Smart Online Order for Clover. Este problema afecta a Smart Online Order for Clover: desde n/a hasta 1.5.5."}], "id": "CVE-2024-31238", "lastModified": "2025-02-10T19:11:09.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-12T13:15:15.730", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-csrf-leading-to-coupon-creation-modification-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}