CVE-2024-9592
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-9592 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Easy PayPal Gift Certificate plugin for WordPress. This issue arises from inadequate nonce validation in the 'wpppgc_plugin_options' function present in plugin versions up to 1.2.3. Consequently, unauthenticated attackers can manipulate plugin settings and inject malicious JavaScript by tricking administrators into performing a specified action, such as clicking on a malicious link. This flaw poses a significant risk to WordPress sites using the Easy PayPal Gift Certificate plugin and may result in data theft or website defacement. It is highly recommended that users update to the latest plugin version to mitigate this vulnerability.
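The defensive pattern for this class of bug, shown as an added example that is not the Easy PayPal Gift Certificate plugin's own code: a WordPress settings handler that verifies a nonce before saving, then sanitizes the value on input and escapes it on output. All names prefixed example_gc_ are hypothetical and chosen only for illustration.

```php
<?php
// Added example: hypothetical plugin settings page, not the affected plugin's source.
// Every identifier prefixed "example_gc_" / "EXAMPLE_GC_" is an assumption.

const EXAMPLE_GC_NONCE_ACTION = 'example_gc_save_options';
const EXAMPLE_GC_NONCE_FIELD  = 'example_gc_nonce';

add_action( 'admin_menu', function () {
    add_options_page( 'Gift Certificate', 'Gift Certificate', 'manage_options',
        'example-gc', 'example_gc_plugin_options' );
} );

function example_gc_plugin_options() {
    // Capability check: only administrators may view or change these settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'example-gc' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
        // CSRF check: execution stops here unless the request carries a valid
        // nonce for this action, tied to the logged-in user's session. A form
        // hosted on another site cannot know that value.
        check_admin_referer( EXAMPLE_GC_NONCE_ACTION, EXAMPLE_GC_NONCE_FIELD );

        // Sanitize on input so markup and script tags are stripped before storage.
        $label = isset( $_POST['example_gc_label'] )
            ? sanitize_text_field( wp_unslash( $_POST['example_gc_label'] ) )
            : '';
        update_option( 'example_gc_label', $label );
    }

    // Escape on output as well, so a value stored before the fix cannot run as script.
    $label = esc_attr( get_option( 'example_gc_label', '' ) );
    ?>
    <form method="post">
        <?php wp_nonce_field( EXAMPLE_GC_NONCE_ACTION, EXAMPLE_GC_NONCE_FIELD ); ?>
        <input type="text" name="example_gc_label" value="<?php echo $label; ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

When reviewing other plugins for the same weakness, look for settings handlers that call update_option() on request data without a preceding check_admin_referer() or wp_verify_nonce() call.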