CVE-2024-9847
NONE EPSS 23.3%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev.
Threat Intelligence
EPSS Exploit Probability
23.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-352 Cross-Site Request Forgery (CSRF) Authentication
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| flatpress | flatpress | * | <1.4 |
References 2
- github.com https://github.com/flatpressblog/flatpress/commit/a81c968f51f134b5e5f9bbe208aa12f4fbc329df
- huntr.com https://huntr.com/bounties/b30ef7b0-74ea-4cac-adc4-1cc8a5cb559e
Remediation
- github.com https://github.com/flatpressblog/flatpress/commit/a81c968f51f134b5e5f9bbe208aa12f4fbc329df