CVE-2024-12293

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 17, 2024

CWE ID 352

Summary

CVE-2024-12293 is a Cross-Site Request Forgery vulnerability affecting the User Role Editor plugin for WordPress. Versions up to and including 4.64.3 are vulnerable, due to erroneous or absent nonce validation in the update_roles() function. This flaw enables unauthenticated attackers to manipulate user roles by tricking site administrators into clicking a malicious link, potentially escalating privileges to administrator level.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1S8kJS
https://www.cve.org/CVERecord?id=CVE-2024-12293
https://nvd.nist.gov/vuln/detail/CVE-2024-12293

Back to Vulnerability Database

CVE-2024-12293

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations