CVE-2024-26299

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published: Feb 27, 2024
Updated: Feb 28, 2024

Summary

CVE-2024-1906 represents a Cross-Site Request Forgery (CSRF) vulnerability affecting the Categorify plugin for WordPress. Versions up to and including 1.0.7.4 are susceptible to this issue. The root cause is the absence or incorrect implementation of nonce validation in the function categorifyAjaxAddCategory. Consequently, unauthenticated attackers can exploit this weakness by inducing site administrators to click on malicious links, enabling attackers to add categories to the affected WordPress site.
