4 matches found
CVE-2024-12554
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the casregisterpost function. This makes it possible for unauthenticated attackers to blacklist emails via a forged...
CVE-2024-12554
creationtimestamp| type| source ---|---|--- 2024-12-18 09:28:01+00:00| seen| https://infosec.exchange/users/cve/statuses/113673114798725226 2024-12-18 12:01:13+00:00| seen| https://t.me/cvedetector/13177...
CVE-2024-12554 Peter’s Custom Anti-Spam <= 3.2.3 - Cross-Site Request Forgery via cas_register_post Function
The Peter’s Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the casregisterpost function. This makes it possible for unauthenticated attackers to blacklist emails via a forged...
CVE-2024-12554
CVE-2024-12554 concerns Peter’s Custom Anti-Spam for WordPress. The issue is a Cross-Site Request Forgery due to missing nonce validation in cas_register_post(), enabling unauthenticated actors to blacklist emails by luring an admin to perform an action. The vulnerability is explicitly documented...