CVE-2024-10946

CVSS 2.0 Score 5.8 of 10 (medium)

Details

Published Nov 7, 2024

Updated: Nov 8, 2024

CWE ID 74

CWE ID 89

Summary

CVE-2024-10922 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Featured Posts Scroll plugin for WordPress. Versions up to and including 1.25 are susceptible to this issue due to insufficient or missing nonce validation on a function. An attacker can exploit this weakness by tricking a site administrator into performing an action, such as clicking on a malicious link, allowing the attacker to update settings or inject malicious web scripts without authentication.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0R0IJ-
https://www.cve.org/CVERecord?id=CVE-2024-10946
https://nvd.nist.gov/vuln/detail/CVE-2024-10946

Back to Vulnerability Database

CVE-2024-10946

CVSS 2.0 Score 5.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations