CVE-2024-12003

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 352

Summary

CVE-2024-12003 is a Cross-Site Request Forgery vulnerability affecting the WP System plugin for WordPress. Versions up to and including 1.1.1 are at risk due to inadequate nonce validation on the generate_wp_system_page_content() function. This weakness allows unauthenticated attackers to inject malicious web scripts if they can persuade a site administrator to execute a malicious action, such as clicking on a link. The vulnerability could potentially lead to the execution of arbitrary code on the targeted website. It is essential for WordPress users to update the WP System plugin to a secure version promptly to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share