CVE-2024-1325

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 20, 2024

Summary

CVE-2024-1325 is a Cross-Site Request Forgery vulnerability affecting the Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress. Versions up to 3.4.3 are impacted by this issue. The vulnerability stems from inadequate nonce validation on the 'ajax_cancel_review' function, which allows unauthenticated attackers to manipulate the review count on a targeted site. To exploit this, an attacker must persuade an administrator to perform an action, like clicking a malicious link.
