CVE-2024-10946
CVSS 2.0 Score 5.8 of 10 (medium)
Details
Published Nov 7, 2024
Updated: Nov 8, 2024
CWE ID 74
CWE ID 89
Summary
CVE-2024-10922 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Featured Posts Scroll plugin for WordPress. Versions up to and including 1.25 are susceptible to this issue due to insufficient or missing nonce validation on a function. An attacker can exploit this weakness by tricking a site administrator into performing an action, such as clicking on a malicious link, allowing the attacker to update settings or inject malicious web scripts without authentication.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share