Cross-Site Request Forgery Vulnerability in Nested Pages Plugin
CVE-2024-5943

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Nested Pages
Vendor: CVE Published:; 4 July 2024

What is CVE-2024-5943?

The Nested Pages plugin for WordPress is exposed to a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in the 'settingsPage' function and insufficient sanitization of the 'tab' parameter. This flaw permits unauthorized users to craft requests that can exploit the actions of authenticated users, particularly site administrators. By deceiving an admin into clicking a malicious link, an attacker could leverage this issue to perform unintended actions, undermining the security and integrity of affected WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Nested Pages * <= 3.2.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-nested-page...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 4, 2024
Vulnerability Reserved
Jun 12, 2024

Credit

Bassem Essam

JSON

Wordpress

What is CVE-2024-5943?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.