The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory for a high severity Cross Site Request Forgery (CSRF) vulnerability affecting the Nested Pages WordPress plugin, which has up to 100,000+ installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) score of 8.8 on a scale of 1 to 10, with ten representing the highest level of severity.
Cross Site Request Forgery (CSRF)
Cross Site Request Forgery (CSRF) is a type of attack that, in this case, takes advantage of a security flaw in the Nested Pages plugin that allows unauthenticated attackers to call (execute) PHP files, which are the code-level files of WordPress.
There is a missing or incorrect nonce validation; a nonce is a common security feature used in WordPress plugins to secure forms and URLs. A second flaw in the plugin is a missing security feature called sanitization. Sanitization is a process of securing data that is input or output, which is also common to WordPress plugins but in this case is missing.
According to Wordfence:
“This is due to missing or incorrect nonce validation on the ‘settingsPage’ function and missing sanitization of the ‘tab’ parameter.”
The CSRF attack relies on getting a signed-in WordPress user (such as an Administrator) to click a link, which in turn allows the attacker to complete the attack. This vulnerability is rated 8.8, which makes it a high severity threat. To put that into perspective, a score of 8.9 is a critical level threat, which is an even higher level. So at 8.8 it is just short of a critical level threat.
This vulnerability affects all versions of the Nested Pages plugin up to and including version 3.2.7. The developers of the plugin released a security fix in version 3.2.8 and responsibly published the details of the security update in their changelog.
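To make the two weaknesses named above concrete, here is an added illustration written for this article, not code from the Nested Pages plugin: a settings page that decides which tab file to include from a request parameter, shown first without a nonce check or sanitization and then hardened with a nonce check, a capability check and an allow-list. The function names, the `np_example_*` nonce action and the `tabs/` directory are assumptions.

```php
<?php
// Added illustration (not the Nested Pages plugin's code). Function names,
// the nonce action 'np_example_settings' and the tabs/ directory are assumed.

// Weak form: no nonce validation, and the 'tab' value flows straight into
// include(). Any request made by a logged-in admin's browser, including one
// a third-party page caused it to send, chooses which file is loaded.
function np_example_settings_page_weak() {
    $tab = isset( $_GET['tab'] ) ? $_GET['tab'] : 'general';
    include plugin_dir_path( __FILE__ ) . 'tabs/' . $tab . '.php';
}

// Hardened form.
function np_example_settings_page_hardened() {
    // 1. Capability check: only users allowed to manage options get this far.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'np-example' ) );
    }

    // 2. Nonce validation: the request must carry a token that WordPress issued
    //    to this user for this action. A request forged from another site cannot
    //    include it, so check_admin_referer() stops the request with an error.
    check_admin_referer( 'np_example_settings', 'np_example_nonce' );

    // 3. Sanitize and allow-list 'tab' instead of trusting it as a path fragment,
    //    so the parameter can never select a file outside the known tab set.
    $allowed_tabs = array( 'general', 'display', 'advanced' );
    $tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : 'general';
    if ( ! in_array( $tab, $allowed_tabs, true ) ) {
        $tab = 'general';
    }

    include plugin_dir_path( __FILE__ ) . 'tabs/' . $tab . '.php';
}

// Legitimate tab links must carry the matching nonce so normal navigation
// keeps working once the check is in place.
function np_example_tab_url( $tab ) {
    $url = add_query_arg(
        array( 'page' => 'np-example-settings', 'tab' => $tab ),
        admin_url( 'admin.php' )
    );
    return wp_nonce_url( $url, 'np_example_settings', 'np_example_nonce' );
}
```

The nonce check alone closes the cross-site vector; the allow-list is the second, independent fix, so a future nonce bug cannot turn a request parameter into a file path again.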
The official changelog documents the security fix:
“Security update addressing CSRF issue in plugin settings”
Read the advisory at Wordfence:
Nested Pages <= 3.2.7 – Cross-Site Request Forgery to Local File Inclusion
Read the advisory on the NVD: