From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Plugin Name: WP eStore < 8.5.6
2. Vulnerability Type: CSRF (Cross-Site Request Forgery)
3. Description: The plugin lacks CSRF checks in certain areas, allowing attackers to perform unauthorized actions on behalf of logged-in users via CSRF attacks.
4. Proof of Concept: Provides a sample code snippet demonstrating how to reset plugin settings via a CSRF attack.
5. Affected Plugin: wp-cart-for-digital-products, fixed in version 8.5.6.
6. Reference: CVE ID is CVE-2024-6136.
7. Classification:
   - Type: XSS (Cross-Site Scripting)
   - OWASP TOP 10: A7: Cross-Site Scripting (XSS)
   - CWE: CWE-79
8. Additional Information:
   - Original Researcher: Bob Matyas
   - Submitter: Bob Matyas
   - Submitter Website: https://www.bobmatyas.com
   - Submitter Twitter: @bobmatyas
   - Verification Status: Verified
   - WPVDB ID: 7d85cfe4-4878-4530-ba78-7cfe33f3a8d5
   - Publication Date: 2024-07-19
   - Added Date: 2024-07-19
   - Last Updated Date: 2024-07-19
9. Other Vulnerabilities:
   - WooCommerce Product Carousel Slider <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
   - Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via title_tag
   - Multiple Post Passwords < 1.1.2 - Admin+ Stored XSS
   - Smart Online Order for Clover < 1.5.5 - Reflected XSS
   - WP-Cufon <= 1.6.10 - Unauthenticated Stored Cross-Site Scripting

This information provides a detailed description of the vulnerability, its scope, and remediation status, helping to understand the severity and potential attack vectors.