Cross-Site Request Forgery Vulnerability in Action Network Plugin for WordPress
CVE-2024-12394
6.1MEDIUM
What is CVE-2024-12394?
The Action Network plugin for WordPress has a vulnerability that could allow attackers to execute unauthorized actions on behalf of an authenticated administrator due to inadequate nonce validation. This flaw permits unauthenticated attackers to craft malicious requests that can inject harmful scripts into web applications, potentially compromising site integrity and security if a site administrator inadvertently triggers these actions.
Affected Version(s)
Action Network * <= 1.4.4