CVE-2024-26299
CVSS 3.1 Score 6.6 of 10 (medium)
Details
Published Feb 27, 2024
Updated: Feb 28, 2024
Summary
CVE-2024-1906 represents a Cross-Site Request Forgery (CSRF) vulnerability affecting the Categorify plugin for WordPress. Versions up to and including 1.0.7.4 are susceptible to this issue. The root cause is the absence or incorrect implementation of nonce validation in the function categorifyAjaxAddCategory. Consequently, unauthenticated attackers can exploit this weakness by inducing site administrators to click on malicious links, enabling attackers to add categories to the affected WordPress site.
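The missing check described above, shown as an added example of a nonce-validated WordPress AJAX handler; this is not the Categorify plugin's source, and the action name, nonce name, script handle and taxonomy are hypothetical.

```php
<?php
// Added illustration, not code from the plugin.
// Hypothetical names: 'example_add_category', 'example_add_category_nonce',
// 'example-admin', 'example_category'.

// Admin page: hand the script a nonce bound to the logged-in user's session.
add_action('admin_enqueue_scripts', function () {
    wp_register_script('example-admin', plugins_url('admin.js', __FILE__), array('jquery'), '1.0', true);
    wp_localize_script('example-admin', 'exampleAjax', array(
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('example_add_category_nonce'),
    ));
    wp_enqueue_script('example-admin');
});

// Registered for authenticated users only (no wp_ajax_nopriv_ hook).
add_action('wp_ajax_example_add_category', 'example_ajax_add_category');

function example_ajax_add_category() {
    // 1. CSRF check. A forged cross-site request carries the admin's cookies
    //    but cannot supply this value; on failure WordPress ends the request
    //    with HTTP 403 before any state changes.
    check_ajax_referer('example_add_category_nonce', 'nonce');

    // 2. Authorization. A nonce proves intent, not privilege.
    if (!current_user_can('manage_categories')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    // 3. Input handling before the state-changing call.
    $name = isset($_POST['name']) ? sanitize_text_field(wp_unslash($_POST['name'])) : '';
    if ($name === '') {
        wp_send_json_error(array('message' => 'Missing category name'), 400);
    }

    $term = wp_insert_term($name, 'example_category');
    if (is_wp_error($term)) {
        wp_send_json_error(array('message' => $term->get_error_message()), 400);
    }

    wp_send_json_success(array('term_id' => $term['term_id']));
}
```

When auditing a plugin for this class of bug, look for `wp_ajax_*` handlers that change state without a `check_ajax_referer` or `wp_verify_nonce` call ahead of the write.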