Cross-Site Request Forgery Vulnerability in Peter’s Custom Anti-Spam Plugin for WordPress
CVE-2024-12554
5.4MEDIUM
Summary
CVE-2024-12554 identifies a critical Cross-Site Request Forgery (CSRF) vulnerability in the Peter's Custom Anti-Spam plugin for WordPress. This vulnerability affects all versions up to and including 3.2.3, arising from a lack of nonce validation in the cas_register_post() function. As a result, unauthenticated attackers can execute malicious requests to blacklist emails by tricking a site administrator into interacting with a harmful link. This highlights the importance of implementing robust security measures to verify user actions and protect against CSRF attacks.
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD Database