CVE-2024-33679 - Vulnerability Details - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Famethemes	Fametheme Demo Importer

No data.

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/famethemes-demo-importer/wordpress-fametheme-demo-importer-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00158}`	epss `{'score': 0.00123}`

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00132}`	epss `{'score': 0.00158}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-26T10:40:54.411Z

Updated: 2024-08-02T02:36:04.468Z

Reserved: 2024-04-26T07:21:38.450Z

Link: CVE-2024-33679

Vulnrichment

Updated: 2024-04-30T19:22:22.843Z

NVD

Status : Awaiting Analysis

Published: 2024-04-26T11:15:46.643

Modified: 2024-11-21T09:17:23.480

Link: CVE-2024-33679

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-33679", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-04-26T07:21:38.450Z", "datePublished": "2024-04-26T10:40:54.411Z", "dateUpdated": "2024-08-02T02:36:04.468Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "famethemes-demo-importer", "product": "FameTheme Demo Importer", "vendor": "FameThemes", "versions": [{"changes": [{"at": "1.1.6", "status": "unaffected"}], "lessThanOrEqual": "1.1.5", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Brandon Roldan (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.<p>This issue affects FameTheme Demo Importer: from n/a through 1.1.5.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-05T16:52:19.130Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/famethemes-demo-importer/wordpress-fametheme-demo-importer-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 1.1.6 or a higher version."}], "value": "Update to\u00a01.1.6 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "famethemes", "product": "fametheme_demo_importer", "cpes": ["cpe:2.3:a:famethemes:fametheme_demo_importer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.5", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-30T19:26:10.303031Z", "id": "CVE-2024-33679", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-18T18:06:28.801Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:36:04.468Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/famethemes-demo-importer/wordpress-fametheme-demo-importer-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-33679", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-30T19:26:10.303031Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:famethemes:fametheme_demo_importer:*:*:*:*:*:*:*:*"], "vendor": "famethemes", "product": "fametheme_demo_importer", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "1.1.5"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-30T19:22:22.843Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress FameTheme Demo Importer plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Brandon Roldan (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "FameThemes", "product": "FameTheme Demo Importer", "versions": [{"status": "affected", "changes": [{"at": "1.1.6", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.1.5"}], "packageName": "famethemes-demo-importer", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a01.1.6 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 1.1.6 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/famethemes-demo-importer/wordpress-fametheme-demo-importer-plugin-1-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5.", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.<p>This issue affects FameTheme Demo Importer: from n/a through 1.1.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-05T16:52:19.130Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33679", "state": "PUBLISHED", "dateUpdated": "2024-06-18T18:06:28.801Z", "dateReserved": "2024-04-26T07:21:38.450Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-26T10:40:54.411Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}