First published: Tue Feb 04 2025(Updated: )
The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
ShopSite | <=1.5.10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2024-13510 is high due to its potential for unauthorized access and configuration changes by unauthenticated users.
To fix CVE-2024-13510, update the ShopSite plugin for WordPress to the latest version beyond 1.5.10 where the nonce validation issue is addressed.
All users of the ShopSite plugin for WordPress up to and including version 1.5.10 are affected by CVE-2024-13510.
CVE-2024-13510 is a Cross-Site Request Forgery (CSRF) vulnerability.
Yes, CVE-2024-13510 can be exploited remotely since it allows unauthenticated attackers to manipulate settings.