Cross-Site Request Forgery vulnerability in Pulsating Chat Button plugin
CVE-2024-11813

6.1MEDIUM

Key Information:

Vendor

Wordpress
Vendor
CVE Published:
4 December 2024

What is CVE-2024-11813?

The Pulsating Chat Button plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the amin_chat_button_settings_page() function. This vulnerability allows unauthenticated attackers to manipulate plugin settings and potentially inject harmful scripts by tricking a site administrator into executing unintended actions, such as clicking a link. As a result, it is crucial for WordPress site operators using this plugin to implement appropriate security measures to mitigate this risk.

References

https://plugins.trac.wordpress.org/browser/amin-chat-butt...
https://www.wordfence.com/threat-intel/vulnerabilities/id...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.