CVE-2024-10581

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 15, 2025
Updated: Feb 24, 2025
CWE ID 352

Summary

CVE-2024-10581 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the DirectoryPress Frontend plugin for WordPress. Versions up to and including 2.7.9 are vulnerable due to insufficient nonce validation on the dpfl_listingStatusChange() function. An attacker can exploit this weakness by tricking a site administrator into clicking a malicious link, enabling the attacker to update listing statuses without proper authorization. This can lead to unintended changes and potential security risks for WordPress sites using the DirectoryPress Frontend plugin.
