CVE-2024-9689

Summary

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownPost From Frontend0 <= 1.0.0affected

Weaknesses

  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References