Cross-Site Request Forgery Vulnerability in Index Now Plugin for WordPress
CVE-2024-0428

7.1HIGH

What is CVE-2024-0428?

The Index Now plugin for WordPress exhibits a vulnerability where Cross-Site Request Forgery can be exploited across all versions up to and including 2.6.3. This issue arises from inadequate nonce validation in the 'reset_form' function, enabling unauthenticated attackers to delete arbitrary site options through forged requests, provided they can trick a site administrator into performing specific actions, such as clicking on a malicious link. Site administrators are advised to update their plugins to version 2.6.4 or later to mitigate associated risks.

Affected Version(s)

CrawlWP SEO – Instant Search Engine Indexing & SEO Performance Monitor 0 <= 2.6.3

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Francesco Carlucci
.