CVE-2024-6751

CVSS V2 None CVSS V3 None

Description

The Social Auto Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.3.14. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete post meta and plugin options.

Overview

CVE ID
CVE-2024-6751

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-07-24T02:33:57.454Z

Last Modified Date
2024-07-24T02:33:57.454Z

Weakness Enumerations

CWE	URL
CWE-352	http://cwe.mitre.org/data/definitions/352.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/d7aceccc-7004-42f2-b085-eade9c45141c?source=cve
https://codecanyon.net/item/social-auto-poster-wordpress-scheduler-marketing-plugin/5754169

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-6751
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6751

History

Created	Old Value	New Value	Data Type	Notes
2024-07-24 13:04:40				Added to TrackCVE