PT-2024-39764 · WordPress · The Post From Frontend Wordpress Plugin
Bob Matyas · Published 2024-11-04 · Updated 2024-12-20 · CVE-2024-9689
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
The Post From Frontend WordPress plugin version 1.0.0
Description
The plugin does not perform a CSRF check when deleting posts, which could allow attackers to make a logged-in admin delete posts via a CSRF attack.
Recommendations
For The Post From Frontend WordPress plugin version 1.0.0, consider disabling the post deletion feature until a patch is available to prevent potential CSRF attacks. Restrict access to the post deletion functionality to minimize the risk of exploitation.
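For reference, a post-deletion handler with the missing CSRF check in place could look like the sketch below. This is an added example, not the plugin's code (which this page does not show); the action name `pff_delete_post`, the `pff_demo_*` function names and the form markup are hypothetical, while the WordPress functions called are the standard core APIs.

```php
<?php
/**
 * Plugin Name: PFF Delete Guard Demo (hypothetical example, not the affected plugin)
 */

// Render the delete control as a POST form carrying a nonce bound to this post.
function pff_demo_delete_form( $post_id ) {
    $post_id = absint( $post_id );
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        return ''; // Do not offer the control to users who cannot delete this post.
    }
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="pff_delete_post">
        <input type="hidden" name="post_id" value="<?php echo esc_attr( $post_id ); ?>">
        <?php wp_nonce_field( 'pff_delete_post_' . $post_id, 'pff_nonce' ); ?>
        <button type="submit">Delete</button>
    </form>
    <?php
    return ob_get_clean();
}

// admin_post_{action} only fires for logged-in users; anonymous requests are not routed here.
add_action( 'admin_post_pff_delete_post', 'pff_demo_handle_delete' );
function pff_demo_handle_delete() {
    // State-changing requests must be POST, never a plain GET link.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed', '', array( 'response' => 405 ) );
    }
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $nonce   = isset( $_POST['pff_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['pff_nonce'] ) ) : '';

    // CSRF check: the nonce is tied to this action, this post and the current user session.
    if ( ! $post_id || ! wp_verify_nonce( $nonce, 'pff_delete_post_' . $post_id ) ) {
        wp_die( 'Invalid or expired request token', '', array( 'response' => 403 ) );
    }
    // Authorization check, kept separate from the CSRF check.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_die( 'You are not allowed to delete this post', '', array( 'response' => 403 ) );
    }
    wp_trash_post( $post_id ); // Trash rather than force-delete so a mistake is recoverable.
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
```

The nonce check and the capability check answer different questions (did this user intend the request, and may this user delete this post), so a handler needs both.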
Affected Products
The Post From Frontend Wordpress Plugin