Main Vulnerability Database SB2024110443

SB2024110443 - Cross-site request forgery in AMP for WP – Accelerated Mobile Pages plugin for WordPress

Published: November 4, 2024

Security Bulletin ID SB2024110443

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site request forgery (CVE-ID: CVE-2024-9598)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in the "proxy" function. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.

Remediation

Install update from vendor's website.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/6b155ec8-d69d-40cf-8bea-201629bc9ca6?source=cve
https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.98/includes/options/redux-core/inc/class.p.php#L16
https://plugins.trac.wordpress.org/changeset/3174071/