Cross-Site Request Forgery in WordPress File Upload Plugin
CVE-2024-13494
4.3MEDIUM
What is CVE-2024-13494?
The WordPress File Upload plugin is susceptible to Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the 'wfu_file_details' function. This vulnerability allows attackers to exploit the system by tricking a site administrator into executing unintended actions. If successful, an attacker could modify user data related to uploaded files without proper authentication, posing significant security risks to WordPress sites utilizing this plugin.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WordPress File Upload * <= 4.25.2
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tim Coen