CVE-2024-11415
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 23, 2024
CWE ID 352
Summary
CVE-2024-11415 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP-Orphanage Extended plugin for WordPress.Versions up to and including 1.2 are susceptible to this issue. The problem lies in the wporphanageex_menu_settings() function, which lacks proper nonce validation. As a result, unauthenticated attackers can manipulate site administrators into executing malicious actions, such as privilege escalation for orphan accounts, through forged requests.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share