Cross-Site Request Forgery Vulnerability in Action Network Plugin for WordPress
CVE-2024-12394

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 9 January 2025

Summary

The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery because of inadequate nonce validation. An unauthenticated attacker can craft a malicious request that, if a site administrator inadvertently triggers it, executes unauthorized actions on behalf of that authenticated administrator and can inject harmful scripts into the web application, potentially compromising site integrity and security.

Affected Version(s)

Action Network * <= 1.4.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dale Mavers