{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T00:11:49.832","vulnerabilities":[{"cve":{"id":"CVE-2024-9847","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:50.177","lastModified":"2026-06-17T08:25:22.657","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"FlatPress CMS version latest is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow an attacker to enable or disable plugins on behalf of a victim user. The attacker can craft a malicious link or script that, when clicked by an authenticated user, will send a request to the FlatPress CMS server to perform the desired action on behalf of the victim user. Since the request is authenticated, the server will process it as if it were initiated by the legitimate user, effectively allowing the attacker to perform unauthorized actions. This vulnerability is fixed in version 1.4.dev."},{"lang":"es","value":"La última versión de FlatPress CMS es vulnerable a ataques de Cross-Site Request Forgery (CSRF), que permiten a un atacante habilitar o deshabilitar complementos en nombre de un usuario víctima. El atacante puede manipular un enlace o script malicioso que, al hacer clic en él un usuario autenticado, enviará una solicitud al servidor de FlatPress CMS para realizar la acción deseada en nombre del usuario víctima. Dado que la solicitud está autenticada, el servidor la procesará como si la hubiera iniciado el usuario legítimo, lo que permite al atacante realizar acciones no autorizadas. Esta vulnerabilidad está corregida en la versión 1.4.dev."}],"affected":[{"source":"security@huntr.dev","affectedData":[{"vendor":"flatpressblog","product":"flatpressblog/flatpress","versions":[{"version":"unspecified","lessThan":"1.4.dev","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":6.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-03-20T17:50:32.386237Z","id":"CVE-2024-9847","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*","versionEndExcluding":"1.4","matchCriteriaId":"EA4D125F-CD88-4951-8066-05871F2E4EDD"}]}]}],"references":[{"url":"https://github.com/flatpressblog/flatpress/commit/a81c968f51f134b5e5f9bbe208aa12f4fbc329df","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/b30ef7b0-74ea-4cac-adc4-1cc8a5cb559e","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}