CVE-2024-11444

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 352

Summary

CVE-2024-11444 is a vulnerability in the CLUEVO LMS plugin for WordPress, affecting versions up to 1.13.2. The cluevo_render_module_ui() function lacks proper nonce validation, which results in a Cross-Site Request Forgery (CSRF) vulnerability. Unauthenticated attackers can craft malicious requests and manipulate a site administrator into executing them, which deletes modules on the attacker's behalf. This can potentially lead to unintended data loss or other malicious actions on the affected site.
