CVE-2024-9592

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Oct 12, 2024
CWE ID 352

Summary

CVE-2024-9592 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Easy PayPal Gift Certificate plugin for WordPress, affecting versions up to and including 1.2.3. The vulnerability arises from inadequate nonce validation in the 'wpppgc_plugin_options' function, allowing unauthenticated attackers to modify plugin settings, and potentially inject malicious JavaScript, if they can trick an administrator into clicking a crafted link. To remediate this issue, users should update the plugin to a version beyond 1.2.3, which addresses the nonce validation flaw. Rated medium severity (CVSS score 6.1), the vulnerability has low confidentiality and integrity impact and requires user interaction to exploit. Organizations utilizing this plugin should take immediate action to mitigate potential threats stemming from this vulnerability.
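As an added illustration of the bug class described above (not the plugin's own code), the following shows a WordPress settings handler that saves options without nonce validation, beside a hardened form using `check_admin_referer()` and a capability check. All function, option and field names prefixed `example_` are hypothetical.

```php
<?php
// Added illustration of the bug class in CVE-2024-9592. Names are hypothetical,
// not the Easy PayPal Gift Certificate plugin's real code.

// Vulnerable pattern: the handler trusts any POST that reaches it. A request
// forged from another site is processed with the victim administrator's session.
function example_plugin_options_vulnerable() {
    if ( isset( $_POST['example_submit'] ) ) {
        // No nonce check, no capability check: the setting is written blindly.
        update_option( 'example_email_template', wp_unslash( $_POST['example_email_template'] ) );
    }
    example_render_form();
}

// Hardened pattern: require a capability AND a valid nonce tied to this action.
function example_plugin_options_hardened() {
    if ( isset( $_POST['example_submit'] ) ) {
        // Only users allowed to manage options may change settings.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'example' ) );
        }
        // check_admin_referer() verifies the nonce in the '_wpnonce' field and
        // stops with an error page if it is missing or invalid. A cross-site page
        // cannot read the nonce, so it cannot forge a request that passes this check.
        check_admin_referer( 'example_save_options', '_wpnonce' );

        // Sanitize before storing: wp_kses_post() strips script tags and other
        // disallowed HTML from content that is later echoed into admin pages.
        $template = wp_kses_post( wp_unslash( $_POST['example_email_template'] ) );
        update_option( 'example_email_template', $template );
    }
    example_render_form();
}

function example_render_form() {
    $value = get_option( 'example_email_template', '' );
    echo '<form method="post">';
    // Emits hidden '_wpnonce' and '_wp_http_referer' fields that
    // check_admin_referer() validates on submission.
    wp_nonce_field( 'example_save_options', '_wpnonce' );
    echo '<textarea name="example_email_template">' . esc_textarea( $value ) . '</textarea>';
    echo '<input type="submit" name="example_submit" value="Save">';
    echo '</form>';
}
```

The nonce only closes the CSRF path; the capability check and output sanitization address the separate concerns of low-privilege users and stored script injection.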
