WordPress Automatic Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WordPress Automatic Plugin, specifically in versions through 3.118.0. The issue arises from inadequate nonce validation, allowing unauthenticated attackers to manipulate campaigns and inject harmful scripts. Exploitation requires tricking a site administrator into clicking a link or performing a similar action.
Impact
Exploitation of this vulnerability could lead to unauthorized campaign updates and the injection of malicious scripts, potentially causing stored Cross-Site Scripting (XSS) issues.
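An added illustration of the missing control and its fix in a WordPress admin handler, with the weak pattern beside a hardened one. This is hypothetical plugin code, not the WordPress Automatic Plugin's source; the `demo_*` names, form fields and meta key are assumptions.

```php
<?php
// Hypothetical plugin code for illustration; not the WordPress Automatic Plugin's source.
// Action name, field names and the meta key are assumptions.

// Form side: embed a nonce bound to this action, this campaign and the user's session.
function demo_render_campaign_form( $campaign_id ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="demo_save_campaign">';
    echo '<input type="hidden" name="campaign_id" value="' . esc_attr( $campaign_id ) . '">';
    wp_nonce_field( 'demo_save_campaign_' . $campaign_id, 'demo_nonce' );
    echo '<textarea name="template"></textarea><button type="submit">Save</button></form>';
}

// Weak pattern (deliberately not hooked): the handler relies on the administrator's
// cookies alone, so a request the browser was tricked into sending is accepted,
// and the raw markup is stored for later rendering (stored XSS).
function demo_save_campaign_weak() {
    update_post_meta( (int) $_POST['campaign_id'], '_demo_template', $_POST['template'] );
}

// Hardened handler: authorization, nonce verification, then sanitization.
function demo_save_campaign() {
    $campaign_id = isset( $_POST['campaign_id'] ) ? absint( $_POST['campaign_id'] ) : 0;

    // 1. Authorization: a valid nonce proves intent, not permission.
    if ( ! current_user_can( 'edit_post', $campaign_id ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: dies unless demo_nonce matches this action for the current user.
    check_admin_referer( 'demo_save_campaign_' . $campaign_id, 'demo_nonce' );

    // 3. Stored-XSS defence: keep only the HTML allowed in post content.
    $template = isset( $_POST['template'] )
        ? wp_kses_post( wp_unslash( $_POST['template'] ) )
        : '';

    // update_post_meta() unslashes its input, so re-slash the cleaned value.
    update_post_meta( $campaign_id, '_demo_template', wp_slash( $template ) );

    wp_safe_redirect( admin_url( 'edit.php' ) );
    exit;
}
// admin_post_* fires only for logged-in users; no admin_post_nopriv_* hook is registered.
add_action( 'admin_post_demo_save_campaign', 'demo_save_campaign' );
```

Values stored this way should still be escaped on output (for example with `esc_html()` or `esc_attr()`), since sanitizing on input does not cover every rendering context.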
Remediation
Users are advised to update the WordPress Automatic Plugin to version 3.119.0 or later.
