Cross-Site Request Forgery Vulnerability in Tom Royal's Stop Registration Spam Plugin
CVE-2024-56017
7.1HIGH
Summary
CVE-2024-56017 is a significant Cross-Site Request Forgery (CSRF) vulnerability affecting the Stop Registration Spam plugin, developed by Tom Royal. This vulnerability allows attackers to exploit the plugin, resulting in Stored Cross-Site Scripting (XSS) attacks. By tricking a user into executing unintended actions, an attacker can potentially inject malicious scripts, compromising the security of websites using affected versions of the plugin (up to and including version 1.23). Proper mitigation strategies and updates are crucial to safeguard against such vulnerabilities.
Affected Version(s)
Stop Registration Spam <= 1.23
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Credit
0xd4rk5id3 (Patchstack Alliance)