Cross-Site Request Forgery in Webcamconsult Plugin for WordPress
CVE-2024-13432
6.1MEDIUM
What is CVE-2024-13432?
The Webcamconsult plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in all versions up to, and including, 1.5.0. This flaw can be exploited if an attacker tricks an administrative user into clicking a malicious link, enabling them to update settings or inject harmful web scripts. It’s essential for site administrators to be cautious and implement robust security measures to prevent unauthorized actions.
Affected Version(s)
Webcamconsult * <= 1.5.0