CVE-2024-13348

Summary

CVE-2024-13348 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Smart Agenda – Prise de rendez-vous en ligne plugin for WordPress. Versions up to 4.7 are impacted by this issue. The vulnerability stems from insufficient or missing nonce validation on the smartagenda_options_page_html() function. Unauthenticated attackers can manipulate this weakness to update settings and inject malicious web scripts by tricking a site administrator into executing a malicious action, such as clicking a crafted link. This could potentially lead to significant security risks, including data breaches or site takeovers. It's crucial that users upgrade to the latest version of the plugin to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.