Cross-Site Request Forgery in Webcamconsult Plugin for WordPress
CVE-2024-13432

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Webcamconsult
Vendor: CVE Published:; 18 January 2025

What is CVE-2024-13432?

The Webcamconsult plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in all versions up to, and including, 1.5.0. This flaw can be exploited if an attacker tricks an administrative user into clicking a malicious link, enabling them to update settings or inject harmful web scripts. It’s essential for site administrators to be cautious and implement robust security measures to prevent unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Webcamconsult * <= 1.5.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 18, 2025
Vulnerability Reserved
Jan 15, 2025

Credit

SOPROBRO

JSON

Wordpress