CVE-2024-7984 — Vulnetix

CVE-2024-7984 PUBLISHED CVSS 4.300000190734863 MEDIUM

The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
Unknown	Joy Of Text Lite	0
ultimatewpsms	joy_of_text	0

Timeline

May 15, 2025 Coalition ESS Score
May 15, 2025 CVE Published
May 16, 2025 EPSS Score
May 16, 2025 Coalition ESS Score
May 17, 2025 Coalition ESS Score
May 17, 2025 CVE Updated
May 26, 2025 Coalition ESS Score
May 27, 2025 EPSS Score
Jun 8, 2025 EPSS Score
Jun 11, 2025 Coalition ESS Score
Jun 19, 2025 EPSS Score
Jun 30, 2025 EPSS Score

References

https://wpscan.com/vulnerability/07684ecb-5662-4412-8190-7957cfcf7bd3/ exploit
https://nvd.nist.gov/vuln/detail/CVE-2024-7984 advisory
https://wpscan.com/vulnerability/07684ecb-5662-4412-8190-7957cfcf7bd3 url

Open in Interactive Console →