CVE-2024-10045 – The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery …

23 October 2024

Vuln ID: CVE-2024-10045

Published: 2024-10-23 08:15:02.380

Description: The Transients Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the process_actions function. This makes it possible for unauthenticated attackers to delete transients via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Base Score: 4.3 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Source: NVD.NIST.GOV

Date:

23 October 2024

Categorie(s):

NVD

Tag(s):

NVD

70% of Leaders See Cyber Knowledge Gap in Employees23 October 2024
Attackers Use Encoded JavaScript to Deliver Malware23 October 2024
6 facts for CentOS users who are holding on23 October 2024
CISOs respond: 49% of CISOs plan to leave role without industry action23 October 2024
Internet Archive Secures Zendesk Account, Works Toward Full-Service Restoration23 October 2024