CVE-2024-12322
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 352
Summary
CVE-2024-12322: The WordPress plugin ThePerfectWedding.nl Widget is susceptible to Cross-Site Request Forgery (CSRF). This vulnerability affects all versions up to 2.8. The issue stems from flawed or absent nonce validation on the 'update_option' function. Attackers can exploit this weakness by tricking administrators into clicking malicious links, allowing the attacker to update the 'tpwKey' option with stored Cross-Site Scripting (XSS) code.
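The two missing controls named above (nonce validation before 'update_option', and handling of the stored 'tpwKey' value), as an added example that is not the plugin's own code. The function names, the 'tpw_save_key' action and nonce names, and the assumed key format are hypothetical; the WordPress calls are core APIs.

```php
<?php
// Added example: a hypothetical settings handler, not taken from the plugin.
// Assumed names: tpw_render_settings, tpw_save_settings, 'tpw_save_key', 'tpw_nonce'.

// Render the settings form with a nonce bound to the current user and action.
function tpw_render_settings() {
    $key = get_option( 'tpwKey', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="tpw_save_key">
        <?php wp_nonce_field( 'tpw_save_key', 'tpw_nonce' ); ?>
        <!-- esc_attr() stops a stored value from breaking out of the attribute -->
        <input type="text" name="tpwKey" value="<?php echo esc_attr( $key ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST: authorize, verify the nonce, validate, then store.
function tpw_save_settings() {
    // Capability check: only administrators may change the option.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // Stops the request unless a valid nonce for this action was submitted.
    // A request forged from another site cannot supply one, so the CSRF fails here.
    check_admin_referer( 'tpw_save_key', 'tpw_nonce' );

    $raw = isset( $_POST['tpwKey'] ) ? wp_unslash( $_POST['tpwKey'] ) : '';
    $key = sanitize_text_field( $raw ); // strips tags and control characters

    // Assumption: the key is a short token, so anything else is rejected
    // instead of being stored.
    if ( ! preg_match( '/^[A-Za-z0-9_-]{0,64}$/', $key ) ) {
        wp_die( 'Invalid key', '', array( 'response' => 400 ) );
    }

    update_option( 'tpwKey', $key );
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_tpw_save_key', 'tpw_save_settings' );
```

The nonce check closes the CSRF path; validating on input and escaping on output are independent layers, so a value that reached the option by some other route still renders as inert text.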