CVE-2024-12206 – WordPress Pearl Header Builder CSRF

1月 9, 2025
12:16 pm

CVE ID : CVE-2024-12206

Published : Jan. 9, 2025, 11:15 a.m. | 1 hour, 1 minute ago

Description : The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12206 – WordPress Pearl Header Builder CSRF

Elvescore.io

Recent Posts

CVE-2023-28354 – Opsview Monitor Agent Command Injection

CVE-2024-46464 – PRIMX ZED Enterprise Local File Manipulation Privilege Escalation

CVE-2024-51229 – LinZhaoguan pb-cms Cross Site Scripting (XSS)

CVE-2025-21385 – Microsoft Purview SSRF

CVE-2024-13290 – Drupal OhDear Integration Unauthenticated Path Traversal

CVE-2024-13291 – Drupal Basic HTTP Authentication Incorrect Authorization

CVE-2024-12206 – WordPress Pearl Header Builder CSRF

CVE-2024-12206 – WordPress Pearl Header Builder CSRF