Cross-Site Request Forgery Vulnerability in Index Now Plugin for WordPress
CVE-2024-0428
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 February 2024
What is CVE-2024-0428?
The Index Now plugin for WordPress exhibits a vulnerability where Cross-Site Request Forgery can be exploited across all versions up to and including 2.6.3. This issue arises from inadequate nonce validation in the 'reset_form' function, enabling unauthenticated attackers to delete arbitrary site options through forged requests, provided they can trick a site administrator into performing specific actions, such as clicking on a malicious link. Site administrators are advised to update their plugins to version 2.6.4 or later to mitigate associated risks.
Affected Version(s)
CrawlWP SEO β Instant Search Engine Indexing & SEO Performance Monitor 0 <= 2.6.3