{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-38790", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-06-19T15:07:57.036Z", "datePublished": "2025-01-02T12:01:09.453Z", "dateUpdated": "2026-04-28T16:10:07.233Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "smartsupp-live-chat", "product": "Smartsupp \u2013 live chat, chatbots, AI and lead generation", "vendor": "Smartsupp", "versions": [{"changes": [{"at": "3.7", "status": "unaffected"}], "lessThanOrEqual": "3.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Ananda Dhakal (Patchstack)"}], "datePublic": "2026-04-01T16:27:00.114Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.<p>This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through <= 3.6.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through <= 3.6."}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "Cross Site Request Forgery"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:10:07.233Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/smartsupp-live-chat/vulnerability/wordpress-smartsupp-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "title": "WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-02T14:44:34.161550Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-02T14:52:04.593Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38790", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-02T14:44:34.161550Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-02T14:44:36.517Z"}}], "cna": {"title": "WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Ananda Dhakal (Patchstack)"}], "impacts": [{"capecId": "CAPEC-62", "descriptions": [{"lang": "en", "value": "CAPEC-62 Cross Site Request Forgery"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Smartsupp", "product": "Smartsupp \u2013 live chat, chatbots, AI and lead generation", "versions": [{"status": "affected", "changes": [{"at": "3.7", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.6"}], "packageName": "smartsupp-live-chat", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "No patched version is available. WP plugins review team notified.", "supportingMedia": [{"type": "text/html", "value": "No patched version is available. WP plugins review team notified.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/smartsupp-live-chat/vulnerability/wordpress-smartsupp-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through 3.6.", "supportingMedia": [{"type": "text/html", "value": "<p>Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.</p><p>This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through 3.6.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-02T12:01:09.453Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38790", "state": "PUBLISHED", "dateUpdated": "2025-01-02T14:52:04.593Z", "dateReserved": "2024-06-19T15:07:57.036Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-01-02T12:01:09.453Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp \u2013 live chat, chatbots, AI and lead generation smartsupp-live-chat allows Cross Site Request Forgery.This issue affects Smartsupp \u2013 live chat, chatbots, AI and lead generation: from n/a through <= 3.6."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Smartsupp Smartsupp \u2013 live chat, chatbots, AI y lead generation permite Cross-Site Request Forgery . Este problema afecta a Smartsupp Smartsupp \u2013 live chat, chatbots, AI y lead generation: desde n/a hasta 3.6."}], "id": "CVE-2024-38790", "lastModified": "2026-04-23T15:18:47.153", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-01-02T12:15:23.763", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/smartsupp-live-chat/vulnerability/wordpress-smartsupp-plugin-3-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-07-12T15:42:43.482559+00:00", "updated": "2025-07-12T15:42:43.482635+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}