CVE-2024-13684
CVSS 3.1 Score 8.1 of 10 (high)
Details
Published Feb 18, 2025
Updated: Feb 21, 2025
CWE ID 352
Summary
CVE-2024-13684 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Reset plugin for WordPress. The issue, present in all versions up to 1.6, stems from inadequate nonce validation in the reset_db_page() function. As a result, unauthenticated attackers can reset various tables in the WordPress database, including comments, themes, and plugins, by tricking an administrator into following a malicious link. The forged request is processed as if the administrator had made it, so critical site data can be altered without proper authorization.