WordPress Nested Pages Plugin High Severity Vulnerability

[ad_1]

The U.S. Nationwide Vulnerability Database (NVD) and Wordfence printed a safety advisory of a excessive severity Cross Website Request Forgery (CSRF) vulnerability affecting the Nested Pages WordPress plugin affecting as much as +100,000 installations. The vulnerability acquired a Frequent Vulnerability Scoring System (CVSS) score of 8.8 on a scale of 1 – 10, with ten representing the best stage severity.

Cross Website Request Forgery (CSRF)

The Cross Website Request Forgery (CSRF) is a sort of assault that takes benefit of a safety flaw within the Nested Pages plugin that permits unauthenticated attackers to name (execute) PHP recordsdata, that are the code stage recordsdata of WordPress.

There’s a lacking or incorrect nonce validation, which is a typical safety characteristic utilized in WordPress plugins to safe varieties and URLs. A second flaw within the plugin is a lacking safety characteristic known as sanitization. Sanitization is a technique of securing information that’s enter or output which can also be widespread to WordPress plugins however on this case is lacking.

In response to Wordfence:

“This is because of lacking or incorrect nonce validation on the ‘settingsPage’ perform and lacking santization of the ‘tab’ parameter.”

The CSRF assault depends on getting a signed in WordPress person (like an Administrator) to click on a hyperlink which in flip permits the attacker to finish the assault. This vulnerability is rated 8.8 which makes it a excessive severity risk. To place that into perspective, a rating of 8.9 is a crucial stage risk which is an excellent greater stage. So at 8.8 it’s simply wanting a crucial stage risk.

This vulnerability impacts all variations of the Nested Pages plugin as much as and together with model 3.2.7. The builders of the plugin launched a safety repair in model 3.2.8 and responsibly printed the main points of the safety replace of their changelog.

The official changelog paperwork the safety repair:

“Safety replace addressing CSRF challenge in plugin settings”

Learn the advisory at Wordfence:

Nested Pages <= 3.2.7 – Cross-Site Request Forgery to Local File Inclusion

Learn the advisory on the NVD:

CVE-2024-5943 Detail

Featured Picture by Shutterstock/Dean Drobot

[ad_2]

Source link

What's Hot

test page

SEO Content Has a Packaging Problem — Whiteboard Friday

Google Shows 3 Ways To Boost Digital Marketing With Google Trends

WordPress Nested Pages Plugin High Severity Vulnerability

SEO Content Has a Packaging Problem — Whiteboard Friday

Google Shows 3 Ways To Boost Digital Marketing With Google Trends

Google Ads announces 11-year data retention policy

Reddit Makes Game-Changing Updates to Keyword Targeting

10+ Super SMART Goal Examples (& A Handy Template)

Apple Planning Big Mac Redesign and Half-Sized Old Mac

Autonomous Driving Startup Attracts Chinese Investor

Onboard Cameras Allow Disabled Quadcopters to Fly

Review: T-Mobile Winning 5G Race Around the World

Samsung Galaxy S21 Ultra Review: the New King of Android Phones

Xiaomi Mi 10: New Variant with Snapdragon 870 Review

Subscribe to Updates

What's Hot

WordPress Nested Pages Plugin High Severity Vulnerability

Cross Website Request Forgery (CSRF)

Related Posts