CVE-2024-12252
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 94
Summary
CVE-2024-12252: This vulnerability affects the SEO LAT Auto Post plugin for WordPress. The remote_update AJAX action lacks a capability check in all versions up to and including 2.2.1. An unauthenticated attacker can use this action to overwrite the seo-beginner-auto-post.php file and thereby execute arbitrary code remotely. This poses a significant security risk and requires immediate attention and patching from WordPress users.
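To find installations in the affected range, the following added example (not code from the plugin or from this advisory) walks a WordPress tree, reads the Version header of every seo-beginner-auto-post.php it finds, and flags versions up to and including 2.2.1. It assumes the file carries a standard WordPress plugin header; a missing or unreadable version is treated as affected.

```python
import re
import sys
from pathlib import Path

MAIN_FILE = "seo-beginner-auto-post.php"  # file named in the advisory
LAST_AFFECTED = (2, 2, 1)                 # "up to and including version 2.2.1"

# Same shape as a WordPress plugin header line, e.g. " * Version: 2.2.1"
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def header_version(php_source):
    """Return the Version value from the plugin header, or None if absent."""
    match = _VERSION_RE.search(php_source[:8192])  # WordPress reads the first 8 KiB
    return match.group(1) if match else None


def parse_version(text):
    """'2.2.1' -> (2, 2, 1); stops at the first non-numeric component."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts) + (0,) * max(0, 3 - len(parts))


def is_affected(version_text):
    """True if the version is in the advisory's range; unknown counts as affected."""
    if version_text is None:
        return True
    return parse_version(version_text) <= LAST_AFFECTED


def scan(root):
    """Return [(path, version, affected)] for each copy of MAIN_FILE under root."""
    found = []
    for path in sorted(Path(root).rglob(MAIN_FILE)):
        version = header_version(path.read_text(errors="replace"))
        found.append((str(path), version, is_affected(version)))
    return found


if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8}  {version or 'unknown':10}  {path}")
```

A result of "ok" only means the version is outside the range this advisory states. Because the flaw lets the file itself be overwritten, a copy in the affected range should also be compared against a known-good release before it is trusted.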