CVE-2024-10040

Name of the Vulnerable Software and Affected Versions Infinite-Scroll plugin for WordPress versions up to, and including, 2.6.2

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process ajax edit and process ajax delete functions. This allows unauthenticated attackers to make changes to plugin settings via a forged request if they can trick a site administrator into performing an action such as clicking on a link.

Recommendations For versions up to, and including, 2.6.2: Update to the latest version to mitigate risks. As a temporary workaround, consider disabling the process ajax edit and process ajax delete functions until a patch is available. Restrict access to the plugin settings to minimize the risk of exploitation.