CVE-2024-12541

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 352

Summary

CVE-2024-12541: A Cross-Site Request Forgery vulnerability affects the Chative Live chat and Chatbot plugin for WordPress, impacting versions up to 1.1. The issue arises from weak nonce validation in the add_chative_widget_action() function, which lets unauthenticated attackers change channel IDs or organization IDs through a forged request. By tricking a site administrator into performing a specific action, such as clicking on a malicious link, attackers can redirect the live chat widget to channels they control, potentially compromising the integrity of the communication platform.
