CVE-2024-9598

Cross-Site Request Forgery (CSRF) (CWE-352)

Published: Oct 25, 2024

CVSS: 8.8 (High) | EPSS: 0.06%

Summary

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This vulnerability is due to missing or incorrect nonce validation on the 'proxy' function. It allows unauthenticated attackers to send the logged-in user's cookies to their own server via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

Impact

This vulnerability has a high severity with a CVSS v3.1 base score of 8.8. The impact on confidentiality, integrity, and availability is rated as HIGH. If exploited, attackers could potentially gain unauthorized access to sensitive information, modify data, or disrupt system operations. The attack vector is through the network, requires low attack complexity, and no privileges, but does require user interaction. This means that while the attack is relatively easy to execute, it relies on tricking an administrator into taking a specific action.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, given that the vulnerability affects "all versions up to, and including, 1.0.99.1" of the AMP for WP plugin, a patched version higher than 1.0.99.1 is likely available or forthcoming. The security team should check for updates to the plugin and apply them as soon as they become available.

Mitigation

To mitigate this vulnerability:

1. Update the AMP for WP – Accelerated Mobile Pages plugin to a version higher than 1.0.99.1 if available.
2. Implement strong CSRF protections, including proper nonce validation for all admin functions, especially the 'proxy' function.
3. Educate administrators about the risks of clicking on unknown links, especially when logged into the WordPress admin panel.
4. Consider implementing additional security measures such as Web Application Firewalls (WAF) that can help detect and prevent CSRF attacks.
5. Regularly review and audit plugin code, especially for critical functions like 'proxy', to ensure proper security measures are in place.
6. If an immediate update is not possible, consider temporarily disabling the plugin until a secure version can be installed.
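As an added illustration (not the plugin's own code), the following hypothetical WordPress admin-ajax handler shows the unprotected pattern the advisory describes ("missing or incorrect nonce validation") beside a hardened version that checks capability and a per-action nonce before doing any work. The hook names, the nonce action 'example_proxy_action', the script handle and the 'url' parameter are assumptions.

```php
<?php
// Added example, not code from the AMP for WP plugin. Hook names, nonce action
// and parameter names are hypothetical.

// Weak pattern: the handler trusts any request that arrives with the logged-in
// administrator's session cookie, so a request forged from another origin is
// processed exactly like one from the plugin's own admin page (CWE-352).
function example_proxy_unprotected() {
    $url = isset( $_GET['url'] ) ? $_GET['url'] : '';
    // ... fetch $url and echo the response ...
    wp_die();
}
add_action( 'wp_ajax_example_proxy', 'example_proxy_unprotected' );

// Hardened pattern: capability check plus a nonce bound to this action.
function example_proxy_protected() {
    // 1. Only users with the appropriate capability may reach the handler.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // 2. The request must carry a nonce minted for this specific action.
    //    check_ajax_referer() dies with HTTP 403 when the nonce is missing or
    //    invalid, so execution never reaches the proxy logic on a forged request.
    check_ajax_referer( 'example_proxy_action', '_ajax_nonce' );
    // 3. Validate the destination before fetching it.
    $url    = isset( $_GET['url'] ) ? esc_url_raw( wp_unslash( $_GET['url'] ) ) : '';
    $scheme = wp_parse_url( $url, PHP_URL_SCHEME );
    if ( '' === $url || ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        wp_send_json_error( 'invalid url', 400 );
    }
    $response = wp_remote_get( $url, array( 'timeout' => 5 ) );
    if ( is_wp_error( $response ) ) {
        wp_send_json_error( $response->get_error_message(), 502 );
    }
    wp_send_json_success( wp_remote_retrieve_body( $response ) );
}
add_action( 'wp_ajax_example_proxy_secure', 'example_proxy_protected' );

// The nonce is generated server-side for the legitimate admin page and passed
// to the plugin's own script; a page on another origin cannot read it, which is
// what makes the nonce an effective CSRF token.
function example_proxy_nonce_for_script() {
    wp_localize_script( 'example-proxy-js', 'exampleProxy', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_proxy_action' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_proxy_nonce_for_script' );
```

WordPress nonces are tied to the current user and expire, so the capability check in step 1 is still required: the nonce proves the request originated from the plugin's page, not that the user is allowed to perform the action.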

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9598.

Oct 25, 2024 at 7:52 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 25, 2024 at 7:54 AM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 25, 2024 at 8:07 AM
CVE Assignment

NVD published the first details for CVE-2024-9598

Oct 25, 2024 at 8:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 25, 2024 at 8:16 AM / nvd
CVSS Estimate

Feedly estimated the CVSS score as LOW

Oct 25, 2024 at 8:36 AM
EPSS

EPSS Score was set to: 0.06% (Percentile: 23.9%)

Oct 26, 2024 at 10:50 AM

Affected Systems

Wordpress/wordpress

Attack Patterns

CAPEC-111: JSON Hijacking (aka JavaScript Hijacking)

News

Wordfence Intelligence Weekly WordPress Vulnerability Report (October 21, 2024 to October 27, 2024)
The team rolled out enhanced protection via firewall rules for the following vulnerabilities in real-time to our Premium, Care, and Response customers last week: WordPress Plugins with Reported Vulnerabilities Last Week
Security Bulletin 30 Oct 2024 - Cyber Security Agency of Singapore
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute ...
High - CVE-2024-9598 - The AMP for WP – Accelerated Mobile Pages...
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce...
CVE-2024-9598
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the logged in user's cookies to their own server via a forged request granted they can trick a site administrator into performing an action such as clicking on a...
CVE-2024-9598 - WordPress AMP Cross-Site Request Forgery (CSRF) in AMP for WP Plugin
CVE ID: CVE-2024-9598. Published: Oct. 25, 2024, 8:15 a.m. Description: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the logged in user's cookies to their own server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Severity:

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
