CVE-2024-1909

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 27, 2024

Summary

CVE-2024-1909: A Cross-Site Request Forgery (CSRF) vulnerability affects the Categorify plugin for WordPress. The issue, present in all versions up to 1.0.7.4, stems from insufficient nonce validation on the 'categorifyAjaxRenameCategory' function. As a result, an attacker can forge a request that renames categories undetected. Exploitation requires the attacker to entice an administrator into performing an action, such as clicking on a malicious link.
