CVE-2024-13753
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Feb 20, 2025
Updated: Feb 25, 2025
CWE ID 352
Summary
CVE-2024-13753 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Ultimate Classified Listings plugin for WordPress. In versions up to 1.4, the update_profile function lacks proper nonce validation, exposing users to the risk of email modification by unauthenticated attackers. This weakness could lead to account takeover if an attacker manages to trick a user into executing a malicious request, such as clicking on a malicious link.