CVE-2024-8319
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-8319 is a Cross-Site Request Forgery (CSRF) vulnerability in the Tourfic plugin for WordPress, affecting all versions up to and including 2.11.20. It stems from improper nonce validation in several functions. An unauthenticated attacker can perform actions such as resending order status emails and modifying visitor or order details by tricking a site administrator into submitting a forged request. The potential dangers include unauthorized access to sensitive functionality within the plugin, which could lead to data manipulation and user privacy breaches. To remediate this issue, update the plugin to the latest patched version available from the developer's site. The vulnerability has a medium severity rating with an exploitability score of 2.8, indicating a low-complexity attack that requires user interaction.
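The pattern behind this class of bug, as an added example that is not Tourfic's code and not taken from the original page: a WordPress AJAX handler that checks only the user's capability, beside one that also validates a nonce. All `demo_*` names, the `_nonce` field, the status list and the meta key are hypothetical, and the code assumes it is loaded as plugin code inside WordPress.

```php
<?php
// Hypothetical names throughout (demo_* actions, functions and meta key);
// these are not Tourfic's real identifiers.

// Weak pattern: the capability check passes because the forged request
// rides on the administrator's own session cookie. Nothing ties the
// request to a form the site itself rendered, so it is open to CSRF.
add_action( 'wp_ajax_demo_order_status_edit', 'demo_order_status_edit_weak' );
function demo_order_status_edit_weak() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $order_id = absint( $_POST['order_id'] ?? 0 );
    $status   = sanitize_key( $_POST['status'] ?? '' );
    update_post_meta( $order_id, '_demo_order_status', $status );
    wp_send_json_success();
}

// Hardened pattern: verify a nonce bound to this action and the current
// user session before any state change, then check capability.
add_action( 'wp_ajax_demo_order_status_edit_safe', 'demo_order_status_edit_safe' );
function demo_order_status_edit_safe() {
    // Third argument false: return the result instead of dying, so the
    // handler can send its own JSON error.
    if ( ! check_ajax_referer( 'demo_order_status_edit', '_nonce', false ) ) {
        wp_send_json_error( 'invalid nonce', 403 );
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $allowed  = array( 'processing', 'completed', 'cancelled' ); // constructed list
    $order_id = absint( $_POST['order_id'] ?? 0 );
    $status   = sanitize_key( wp_unslash( $_POST['status'] ?? '' ) );
    if ( ! $order_id || ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( 'bad request', 400 );
    }
    update_post_meta( $order_id, '_demo_order_status', $status );
    wp_send_json_success();
}

// The admin page that renders the form issues the matching nonce, e.g.
// wp_localize_script( $handle, 'demoOrder', array(
//     'nonce' => wp_create_nonce( 'demo_order_status_edit' ) ) );
```

When reviewing a plugin for this issue, every state-changing `wp_ajax_*` or `admin_post_*` handler should contain a nonce check (`check_ajax_referer`, `check_admin_referer` or `wp_verify_nonce`) before its first write.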