CVE-2024-0203

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 7, 2024
Updated: Mar 8, 2024

Summary

CVE-2024-0203 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Digits plugin for WordPress versions up to 8.4.1. The issue stems from a lack of nonce validation in the 'digits_save_settings' function. Consequently, unauthenticated attackers can manipulate the default role of registered users, elevating their privileges. This occurs when a site administrator unwittingly performs an action like clicking on a malicious link.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share