CVE-2024-11336

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 352

Summary

CVE-2024-11336 is a Cross-Site Request Forgery vulnerability affecting the Clickbank WordPress Plugin (Storefront) in all versions up to 1.7. This issue arises from insufficient or missing nonce validation through the cs_menu page. As a result, unauthenticated attackers can manipulate plugin settings and inject malicious web scripts by tricking administrators into executing a malicious request. This could potentially lead to serious security consequences for vulnerable WordPress sites.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share