Cross-Site Request Forgery in Simple Add Pages or Posts Plugin for WordPress
CVE-2024-12288

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Simple Add Pages Or Posts
Vendor: CVE Published:; 7 January 2025

Summary

The Simple Add Pages or Posts Plugin for WordPress is affected by a Cross-Site Request Forgery vulnerability due to inadequate nonce validation. This flaw allows unauthenticated attackers to potentially manipulate plugin settings and inject harmful scripts by convincing an administrator to execute a malicious request, thereby compromising the site's security.

Affected Version(s)

Simple add pages or posts * <= 2.0.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/simple-add-pag...

https://wordpress.org/plugins/simple-add-pages-or-posts/#...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 7, 2025
Vulnerability Reserved
Dec 5, 2024

Credit

Dale Mavers