CVE-2024-12541
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-12541: A Cross-Site Request Forgery (CSRF) vulnerability affects the Chative Live chat and Chatbot plugin for WordPress in versions up to 1.1. The issue stems from weak nonce validation in the add_chative_widget_action() function, which lets unauthenticated attackers change the channel ID or organization ID. By tricking a site administrator into performing an action, such as clicking a malicious link, an attacker can redirect the live chat widget to channels they control, potentially compromising the integrity of the communication platform.
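The class of flaw described above, shown as an added illustration that is not the Chative plugin's code: a settings handler with one common form of weak nonce validation (the page does not say which form the plugin had), next to a hardened version. All function, action, option and field names are hypothetical, the ID format is assumed, and the file is assumed to be loaded by WordPress as part of a plugin.

```php
<?php
// Added illustration; names are hypothetical, not taken from the Chative plugin.

// Weak pattern: the nonce is verified only when the field is present, so a
// cross-site request that omits the field skips the check entirely.
function example_save_widget_weak() {
    if ( isset( $_POST['_wpnonce'] )
        && ! wp_verify_nonce( $_POST['_wpnonce'], 'example_save_widget' ) ) {
        wp_die( 'Invalid nonce' );
    }
    update_option( 'example_channel_id', $_POST['channel_id'] );
    update_option( 'example_org_id', $_POST['org_id'] );
}

// Hardened handler: capability check, mandatory nonce, validated input.
function example_save_widget_hardened() {
    // Only administrators may change where the chat widget points.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Terminates the request unless a valid nonce for this action was sent;
    // a missing nonce is treated the same as an invalid one.
    check_admin_referer( 'example_save_widget' );

    $ids = array();
    foreach ( array( 'channel_id', 'org_id' ) as $field ) {
        $value = isset( $_POST[ $field ] )
            ? sanitize_text_field( wp_unslash( $_POST[ $field ] ) )
            : '';
        // Assumed ID format: short alphanumeric token.
        if ( ! preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $value ) ) {
            wp_die( 'Invalid ID', '', array( 'response' => 400 ) );
        }
        $ids[ $field ] = $value;
    }
    update_option( 'example_channel_id', $ids['channel_id'] );
    update_option( 'example_org_id', $ids['org_id'] );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-widget' ) );
    exit;
}
// Register only the hardened handler for the admin-post.php form target.
add_action( 'admin_post_example_save_widget', 'example_save_widget_hardened' );

// The settings form must emit the matching nonce field:
//   wp_nonce_field( 'example_save_widget' );
```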
Affected Vendors
- WordPress