CVE-2024-12545
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-12545 is a Cross-Site Request Forgery (CSRF) vulnerability in the Scratch & Win – Giveaways and Contests plugin for WordPress. The flaw is present in all versions up to 2.7.1 and stems from missing nonce validation in the reset_installation() function. Because the function does not verify that a request was intentionally issued from the site's own admin interface, an unauthenticated attacker who tricks a site administrator into executing a forged request can cause the plugin's installation to be reset. This puts WordPress sites that use the plugin at risk, so users should update to the latest patched version as soon as possible.
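The missing check described above, shown as an added example next to a hardened form; this is not the plugin's own code. All swg_demo_* names, the option key and the use of the admin-post.php hook are assumptions made for illustration.

```php
<?php
// Added illustration, NOT the plugin's code. All swg_demo_* names are hypothetical.
const SWG_DEMO_ACTION = 'swg_demo_reset';

// Stand-in for the destructive operation (hypothetical option key).
function swg_demo_do_reset() {
    delete_option( 'swg_demo_settings' );
}

// Vulnerable shape: the handler trusts the administrator's session cookie alone.
// Nothing proves the request came from the site's own admin page.
function swg_demo_reset_installation_unsafe() {
    swg_demo_do_reset();
}

// Hardened shape: method check, capability check, then nonce validation.
function swg_demo_reset_installation() {
    // State-changing actions are accepted over POST only.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    // Authorization is separate from CSRF protection; a nonce is not a permission check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: terminates the request unless the posted field holds a valid
    // nonce that was issued to this user for this specific action.
    check_admin_referer( SWG_DEMO_ACTION, '_swg_demo_nonce' );

    swg_demo_do_reset();
    wp_safe_redirect( admin_url( 'admin.php?page=swg-demo&reset=1' ) );
    exit;
}
// admin_post_{action} fires only for logged-in users; only the hardened handler is hooked.
add_action( 'admin_post_' . SWG_DEMO_ACTION, 'swg_demo_reset_installation' );

// The admin form must emit the nonce that the handler verifies.
function swg_demo_render_reset_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( SWG_DEMO_ACTION ); ?>">
        <?php wp_nonce_field( SWG_DEMO_ACTION, '_swg_demo_nonce' ); ?>
        <?php submit_button( 'Reset installation', 'delete' ); ?>
    </form>
    <?php
}
```

When reviewing a plugin for this class of flaw, look for handlers that change or delete state without a check_admin_referer(), check_ajax_referer() or wp_verify_nonce() call on the request path.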
Affected Vendors
- WordPress