CVE-2024-9588

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Oct 22, 2024 / Updated: 28d ago

CVSS 5.4 | EPSS 0.05% | Medium

The Category and Taxonomy Meta Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation in the 'wpaft_option_page' function. This makes it possible for unauthenticated attackers to add and delete taxonomy meta, provided they can trick a site administrator into performing an action such as clicking on a link.
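The defect the advisory describes is a state-changing admin handler that never verifies a nonce. The added example below is not the plugin's code: only the function name wpaft_option_page comes from the advisory; the nonce action, field names and option key are assumed. It shows the vulnerable shape next to the hardened one using WordPress's own nonce and capability APIs.

```php
<?php
// Added example, not the plugin's own code. Only the function name
// wpaft_option_page comes from the advisory; 'wpaft_save_meta',
// 'wpaft_nonce', 'wpaft_meta_key' and 'wpaft_meta_keys' are assumed names.

// Vulnerable shape: the handler writes taxonomy meta settings from POST data
// without a nonce check, so a forged cross-site form submitted by a logged-in
// administrator's browser is accepted as a legitimate request.
function wpaft_option_page_unsafe() {
    if ( isset( $_POST['wpaft_meta_key'] ) ) {
        update_option( 'wpaft_meta_keys', sanitize_text_field( wp_unslash( $_POST['wpaft_meta_key'] ) ) );
    }
    // ... form rendered without wp_nonce_field() ...
}

// Hardened shape: capability check, then nonce verification before any write.
function wpaft_option_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'wpaft' ) );
    }
    if ( isset( $_POST['wpaft_meta_key'] ) ) {
        // Terminates with a 403 unless the request carries a valid nonce
        // tied to this action and the current user's session.
        check_admin_referer( 'wpaft_save_meta', 'wpaft_nonce' );
        update_option( 'wpaft_meta_keys', sanitize_text_field( wp_unslash( $_POST['wpaft_meta_key'] ) ) );
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( 'wpaft_save_meta', 'wpaft_nonce' ); ?>
        <input type="text" name="wpaft_meta_key" />
        <?php submit_button(); ?>
    </form>
    <?php
}
```

Because a WordPress nonce is bound to the user and the action, an attacker's page cannot supply one, so the forged request fails at check_admin_referer() before update_option() runs.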

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9588.

Oct 22, 2024 at 7:44 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as LOW

Oct 22, 2024 at 7:46 AM
CVE Assignment

NVD published the first details for CVE-2024-9588

Oct 22, 2024 at 8:15 AM
CVSS

A CVSS base score of 5.4 has been assigned.

Oct 22, 2024 at 8:25 AM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 18%)

Oct 23, 2024 at 10:38 AM
Static CVE Timeline Graph

Affected Systems

Aftabhusain/category_and_taxonomy_meta_fields

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

CVE Alert: CVE-2024-9588 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9588/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9588
MEDIUM - CVE-2024-9588 (restates the advisory description above)
Medium - CVE-2024-9588 - The Category and Taxonomy Meta Fields plugin...
CVE-2024-9588 - Severity 3.1 (CVSS 3.1 Base Score)
CVE-2024-9588 - "WordPress Category and Taxonomy Meta Fields CSRF"
CVE ID: CVE-2024-9588, Published: Oct. 22, 2024, 8:15 a.m. (restates the advisory description above)

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low
