CVE-2024-11415

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 23, 2024
CWE ID 352

Summary

CVE-2024-11415 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP-Orphanage Extended plugin for WordPress.Versions up to and including 1.2 are susceptible to this issue. The problem lies in the wporphanageex_menu_settings() function, which lacks proper nonce validation. As a result, unauthenticated attackers can manipulate site administrators into executing malicious actions, such as privilege escalation for orphan accounts, through forged requests.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share