CVE-2024-12288
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 352
Summary
CVE-2024-12288 is a vulnerability affecting the Simple AddPages and Posts plugin for WordPress. This issue allows unauthenticated attackers to execute Cross-Site Request Forgery (CSRF) attacks up to and including version 2.0.0. The vulnerability stems from inadequate nonce validation, enabling attackers to trick site administrators into performing actions, such as clicking on a malicious link, and subsequently update settings or inject malicious web scripts.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share