{"id":"CVE-2024-1230","summary":"SimpleShop \u003c= 2.10.0 - Cross-Site Request Forgery","details":"The SimpleShop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.0. This is due to missing or incorrect nonce validation on the maybe_disconnect_simpleshop function. This makes it possible for unauthenticated attackers to disconnect the site from simpleshop via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.","modified":"2026-07-08T06:33:14.561872109Z","published":"2024-05-09T20:03:34.354Z","database_specific":{"cwe_ids":["CWE-284"],"cna_assigner":"Wordfence","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1230.json"},"references":[{"type":"WEB","url":"https://plugins.trac.wordpress.org/browser/simpleshop-cz/trunk/src/Settings.php?rev=3019145#L341"},{"type":"WEB","url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/9870db7f-0c8e-44a4-aa0f-13709d773756?source=cve"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1230.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1230"},{"type":"FIX","url":"https://github.com/redbitcz/simpleshop-wp-plugin/commit/8b04c95bb29036658e6a5b1ef735440646e3199b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/redbitcz/simpleshop-wp-plugin","events":[{"introduced":"0"},{"fixed":"8b04c95bb29036658e6a5b1ef735440646e3199b"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"2.10.0"}],"source":["AFFECTED_FIELD","REFERENCES"]}}],"versions":["v2.10.0","v2.9.1","v2.9.0","v2.8.6","v2.8.5","v2.8.4","v2.8.3","v2.8.2","v2.8.1","v2.8.0","v2.7.0","v2.6.3","v2.6.2","v2.6.1","v2.6.0","v2.5.0","v2.4.2","v2.4.1","v2.4.0","v2.3.2","v2.3.1","v2.2.7","v2.2.6","v2.2.5","v2.2.4","v2.2.3","v2.2.2","v2.2.1","v2.2.0","v2.1.2","v2.1.1","v2.1.0","v2.0.8","v2.0.7","v2.0.6","v2.0.5","v2.0.4","v2.0.3","v2.0.2","v2.0.1","v2.0.0","v1.3.3","v1.3.2","v1.3.1","v1.3.0","v1.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1230.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}]}