CVE-2024-8200

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 27, 2024
Updated: Aug 30, 2024
CWE ID 352

Summary

CVE-2024-8200 is a Cross-Site Request Forgery (CSRF) vulnerability in the "Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More" plugin for WordPress, affecting all versions up to 1.1.2. It arises from inadequate nonce validation in the 'update_api_key' function, which lets an unauthenticated attacker exploit it if they can manipulate an administrator into clicking a malicious link. Organizations running affected versions of this plugin face a potential integrity impact from unauthorized updates of API keys. To remediate this issue, update to the latest patched version of the plugin as outlined in available patches and advisories. The rating is medium severity with an exploitability score of 2.8, and successful exploitation requires user interaction.
