CVE-2024-12545 – “Scratch & Win – Cross-Site Request Forgery in WordPress Plugin”

1月 4, 2025
9:16 am

CVE ID : CVE-2024-12545

Published : Jan. 4, 2025, 8:15 a.m. | 1 hour, 1 minute ago

Description : The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin’s installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12545 – “Scratch & Win – Cross-Site Request Forgery in WordPress Plugin”

Elvescore.io

Recent Posts

CVE-2024-11356 – Tourmaster WordPress Cross-Site Scripting (XSS) Vulnerability

CVE-2024-11849 – Pods WordPress Stored Cross-Site Scripting (XSS)

CVE-2024-12302 – Icegram Engage Stored Cross-Site Scripting Vulnerability

CVE-2024-12311 – Icegram Express WordPress Plugin SQL Injection Vulnerability

CVE-2024-20105 – Apache Maven m4u Out-of-Bounds Write Privilege Escalation Vulnerability

CVE-2024-20140 – Apache Power Missing Bounds Check Privilege Escalation Vulnerability

CVE-2024-12545 – “Scratch & Win – Cross-Site Request Forgery in WordPress Plugin”

CVE-2024-12545 – “Scratch & Win – Cross-Site Request Forgery in WordPress Plugin”