- Description
- The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-352
- Hype score
- Not currently trending
CVE-2024-12771 Cross-Site Request Forgery in WordPress eCommerce Plugin Exploited The eCommerce Product Catalog Plugin for WordPress has a Cross-Site Request Forgery vulnerability in all versions up to 3.3.43. Th... https://t.co/5cRMtCPKSB
@VulmonFeeds
21 Dec 2024
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-12771: HIGH] WordPress plugin eCommerce Product Catalog vulnerable to Cross-Site Request Forgery in versions up to 3.3.43 due to nonce validation issue, allowing unauthorized password resets.#cybersecurity,#vulnerability https://t.co/SalwRc9OaZ https://t.co/czz5sZcyw1
@CveFindCom
21 Dec 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12771 The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This… https://t.co/dNjRAa8vuI
@CVEnew
21 Dec 2024
520 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes