Cross-Site Request Forgery Vulnerability in Classified Ads Plugin for WordPress
CVE-2024-1315
Key Information:
- Vendor: WordPress
- CVE Published: 9 April 2024
What is CVE-2024-1315?
The Classified Listing – Classified ads & Business Directory Plugin for WordPress has a vulnerability that exposes it to Cross-Site Request Forgery (CSRF). In all versions leading up to and including 3.0.4, the absence of proper nonce validation within the 'rtcl_update_user_account' function creates a security loophole. This flaw may allow attackers to craft forged requests that manipulate administrator account details, such as changing passwords and email addresses, once they successfully deceive a site administrator into triggering the action. Consequently, administrators may find themselves locked out of their accounts without the ability to regain access via traditional reset methods, while malicious actors gain control over critical site functionalities.
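
The missing check described above, shown as an added example beside a hardened form; this is not the plugin's source code. The handler names, the `example_update_account` nonce action and the `email` field are hypothetical; the WordPress core functions called are real.

```php
<?php
// Added illustration with hypothetical handler and action names.

// Before: a state-changing handler with no nonce check. WordPress only
// confirms that the request carries a logged-in session cookie, so it
// cannot tell a request the user intended from one another site triggered.
add_action( 'wp_ajax_example_update_account_unsafe', 'example_update_account_unsafe' );
function example_update_account_unsafe() {
    wp_update_user( array(
        'ID'         => get_current_user_id(),
        'user_email' => sanitize_email( wp_unslash( $_POST['email'] ?? '' ) ),
    ) );
    wp_send_json_success();
}

// After: the same handler refuses to act unless the request carries a
// nonce minted for this action and this user's session.
add_action( 'wp_ajax_example_update_account', 'example_update_account_safe' );
function example_update_account_safe() {
    // Third argument false: return false instead of dying, so the handler
    // can answer with an explicit 403.
    if ( ! check_ajax_referer( 'example_update_account', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }

    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email address.' ), 400 );
    }

    $result = wp_update_user( array(
        'ID'         => get_current_user_id(),
        'user_email' => $email,
    ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }
    wp_send_json_success();
}

// Form side: emit the hidden _wpnonce field the hardened handler verifies.
function example_account_form_nonce() {
    wp_nonce_field( 'example_update_account', '_wpnonce' );
}
```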

Affected Version(s)
Classified Listing – Classified ads & Business Directory Plugin * <= 3.0.4