CVE-2024-41597

CVE-2024-41597CVE-2024-41597

processwire / processwire

Description

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review.

Scoring

CVSS 4.2 ()
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Last modified2026-07-09
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.