CVE-2024-9588

Name of the Vulnerable Software and Affected Versions Category and Taxonomy Meta Fields plugin for WordPress version 1.0.0 and earlier

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wpaft option page function. This allows unauthenticated attackers to add and delete taxonomy meta by tricking a site administrator into performing an action, such as clicking on a link.

Recommendations For version 1.0.0 and earlier, consider disabling the wpaft option page function until a patch is available to prevent exploitation. Restrict access to taxonomy meta management to minimize the risk of unauthorized modifications. Avoid using the affected plugin until an updated version is released that addresses the nonce validation issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.