CVE-2024-7850

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Aug 20, 2024
CWE ID 352 (Cross-Site Request Forgery)

Summary

CVE-2024-7850 is a Cross-Site Request Forgery (CSRF) vulnerability in the BP Profile Search plugin for WordPress, affecting all versions up to and including 5.7.5. The cause is missing or incorrect nonce validation in the bps_ajax_field_selector(), bps_ajax_template_options(), and bps_ajax_field_row() functions: these AJAX handlers act on a request without verifying that it was issued from the plugin's own admin interface. An unauthenticated attacker who can get a site administrator to perform an action such as clicking a link can therefore have the administrator's browser submit a forged request to those functions and inject malicious web scripts. Because the forged request carries the administrator's session, the injected script executes with that administrator's privileges. Site owners should update the plugin to a version later than 5.7.5 as soon as possible.
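The defect class described above, shown as an added illustration rather than code from the BP Profile Search plugin. The handler, hook and action names (the `example_` prefix), the `label` parameter, the `manage_options` capability and the `admin.js` file are all assumptions made for the example; the plugin's real functions are not reproduced here.

```php
<?php
// Added illustration of a missing-nonce CSRF in a WordPress AJAX handler.
// Not code from BP Profile Search: every "example_" name is hypothetical.

// --- Vulnerable pattern (hypothetical) -------------------------------------
// Hooked on wp_ajax_* so it runs only for logged-in users, but with no nonce
// and no capability check. Any third-party page that drives a logged-in
// administrator's browser to admin-ajax.php (a link, a hidden auto-submitting
// form) reaches this code with the administrator's cookies attached. The
// unescaped echo then places attacker-chosen markup in the response that the
// administrator's browser renders.
function example_ajax_field_row_vulnerable() {
    $label = isset( $_POST['label'] ) ? wp_unslash( $_POST['label'] ) : '';
    echo '<tr><td>' . $label . '</td></tr>';
    wp_die();
}
add_action( 'wp_ajax_example_field_row_vulnerable', 'example_ajax_field_row_vulnerable' );

// --- Hardened pattern ------------------------------------------------------
// 1. check_ajax_referer() compares the 'nonce' POST field against a nonce for
//    the action string 'example_field_row'. On mismatch it terminates the
//    request (wp_die(-1, 403) for AJAX) before anything below executes.
// 2. current_user_can() rejects callers who lack the capability this handler
//    actually needs (assumed here to be manage_options).
// 3. Input is sanitized and output escaped, so even a legitimately
//    authenticated request cannot inject markup.
function example_ajax_field_row_hardened() {
    check_ajax_referer( 'example_field_row', 'nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }

    $label = isset( $_POST['label'] )
        ? sanitize_text_field( wp_unslash( $_POST['label'] ) )
        : '';

    wp_send_json_success( array(
        'html' => '<tr><td>' . esc_html( $label ) . '</td></tr>',
    ) );
}
add_action( 'wp_ajax_example_field_row', 'example_ajax_field_row_hardened' );

// --- Client side -----------------------------------------------------------
// The nonce is minted for the same action string and exposed to the plugin's
// own admin script, which must send it with every request. A cross-origin
// attacker page cannot read this value out of the admin page, so a forged
// request fails step 1 above.
function example_enqueue_admin_script() {
    wp_enqueue_script(
        'example-admin',
        plugins_url( 'admin.js', __FILE__ ), // assumed script file
        array( 'jquery' ),
        '1.0',
        true
    );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_field_row' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );

// admin.js (assumed contents) would then send:
//   jQuery.post( exampleAjax.url, {
//       action: 'example_field_row',
//       nonce:  exampleAjax.nonce,
//       label:  'Age'
//   } );
```

Two details matter when auditing for the "incorrect" half of "missing or incorrect nonce validation": the action string passed to check_ajax_referer() must be the one the nonce was created with, and if the third argument ($stop) is set to false the function only returns false instead of terminating, so a handler that ignores that return value is still reachable by a forged request. The nonce check alone is also not an authorization check; the capability test in step 2 is what keeps a low-privilege logged-in user from calling an administrator-only handler with a nonce they legitimately obtained.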
