Cross-Site Request Forgery Vulnerability in Target Video Easy Publish Plugin for WordPress
CVE-2024-12076
6.1MEDIUM
What is CVE-2024-12076?
The Target Video Easy Publish plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in several key functions, namely resync_carousel(), seek_snapshot(), uploaded_cc(), and remove_cc(). This flaw allows untrusted actors to carry out unauthorized actions if they successfully deceive an administrator into clicking a malicious link, potentially leading to the injection of harmful web scripts.
Affected Version(s)
Target Video Easy Publish * <= 3.8.3