CVE-2024-12386

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Feb 12, 2025

Updated: Feb 20, 2025

CWE ID 352

Summary

CVE-2024-12386 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Abstracts plugin for WordPress. The flaw, present in all versions up to and including 2.7.3, allows unauthenticated attackers to delete arbitrary accounts. This occurs due to the lack of nonce validation on several functions, enabling malicious actors to trick site administrators into performing destructive actions by simply convincing them to click on a malicious link.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1baerm
https://www.cve.org/CVERecord?id=CVE-2024-12386
https://nvd.nist.gov/vuln/detail/CVE-2024-12386

Back to Vulnerability Database

CVE-2024-12386

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations