CVE-2024-3163
Easy Property Listings < 3.5.4 - Arbitrary Contact Deletion via CSRF
The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
Unknown · Easy Property ListingsWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →