- Description: The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity: MEDIUM
- security@wordfence.com
- CWE-862
CVE-2024-12028 Unauthorized Access Risk in WordPress Friends Plugin via REST API The Friends plugin for WordPress has a vulnerability in all versions up to 3.2.1. There is no capability check on some REST API end... https://t.co/FOtgHSJZpd
@VulmonFeeds
6 Dec 2024
CVE-2024-12028 The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and inclu… https://t.co/BUuEga0Yb8
@CVEnew
6 Dec 2024