Cross-Site Request Forgery Vulnerability in Nested Pages Plugin
CVE-2024-5943
8.8HIGH
What is CVE-2024-5943?
The Nested Pages plugin for WordPress is exposed to a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in the 'settingsPage' function and insufficient sanitization of the 'tab' parameter. This flaw permits unauthorized users to craft requests that can exploit the actions of authenticated users, particularly site administrators. By deceiving an admin into clicking a malicious link, an attacker could leverage this issue to perform unintended actions, undermining the security and integrity of affected WordPress installations.
Affected Version(s)
Nested Pages * <= 3.2.7