CVE-2024-2395

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 12, 2024

Updated: Mar 13, 2024

CWE ID 787

Summary

CVE-2024-2395 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Bulgarisation plugin for WordPress, specifically versions up to and including 3.0.14. This issue stems from faulty or absent nonce validation on various functions within the plugin. Consequently, unauthenticated attackers can manipulate administrators into performing actions, such as deleting labels, by tricking them into clicking malicious links. Such attacks could potentially compromise the affected WordPress site.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQ_82u
https://www.cve.org/CVERecord?id=CVE-2024-2395
https://nvd.nist.gov/vuln/detail/CVE-2024-2395

Back to Vulnerability Database

CVE-2024-2395

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations