Cross-Site Request Forgery Vulnerability in Action Network Plugin for WordPress
CVE-2024-12394
6.1 MEDIUM
Summary
The Action Network plugin for WordPress is vulnerable to cross-site request forgery because of inadequate nonce validation. An unauthenticated attacker can craft a malicious request that, if a site administrator inadvertently triggers it, executes unauthorized actions on the administrator's behalf and injects harmful scripts into the web application, potentially compromising site integrity and security.
Affected Version(s)
Action Network * <= 1.4.4
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dale Mavers