CVE-2024-30560 - Vulnerability Details - OpenCVE

Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve

History

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.	Cross-Site Request Forgery (CSRF) vulnerability in 大侠WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-25T08:41:42.235Z

Updated: 2026-04-28T16:09:26.750Z

Reserved: 2024-03-27T14:03:29.298Z

Link: CVE-2024-30560

Vulnrichment

Updated: 2024-08-02T01:39:00.626Z

NVD

Status : Deferred

Published: 2024-04-25T09:15:07.740

Modified: 2026-04-28T19:24:11.890

Link: CVE-2024-30560

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-30560", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-03-27T14:03:29.298Z", "datePublished": "2024-04-25T08:41:42.235Z", "dateUpdated": "2026-04-28T16:09:26.750Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "dx-watermark", "product": "DX-Watermark", "vendor": "\u5927\u4fa0WP", "versions": [{"lessThanOrEqual": "1.0.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dimas Maulana (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-Watermark.<p>This issue affects DX-Watermark: from n/a through 1.0.4.</p>"}], "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:09:26.750Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30560", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-30T17:12:19.433158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:39:12.882Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:39:00.626Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:39:00.626Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-30560", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-30T17:12:19.433158Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-30T17:12:10.407Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress DX-Watermark plugin <= 1.0.4 - CSRF to Arbitrary File Upload and XSS vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Dimas Maulana (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "\u5927\u4fa0WP", "product": "DX-Watermark", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.0.4"}], "packageName": "dx-watermark", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/vulnerability/dx-watermark/wordpress-dx-watermark-plugin-1-0-4-csrf-to-arbitrary-file-upload-and-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-Watermark.This issue affects DX-Watermark: from n/a through 1.0.4.\n\n", "supportingMedia": [{"type": "text/html", "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0WP DX-Watermark.<p>This issue affects DX-Watermark: from n/a through 1.0.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-25T08:41:42.235Z"}}}, "cveMetadata": {"cveId": "CVE-2024-30560", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:39:00.626Z", "dateReserved": "2024-03-27T14:03:29.298Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-25T08:41:42.235Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}