CVE-2024-12028
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Dec 6, 2024
CWE ID 862
Summary
CVE-2024-12028 is a vulnerability affecting the Friends plugin for WordPress. The issue stems from a missing capability check on certain REST API endpoints, present in all versions up to 3.2.1. Consequently, unauthenticated attackers can send arbitrary friend requests on behalf of another website and accept the friend request for the targeted site, gaining the ability to communicate with it as an accepted friend. This vulnerability poses a significant risk to WordPress sites using the Friends plugin, necessitating immediate updates to mitigate the threat.