CVE-2024-12208

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

17 Jan 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : unknown
References
  • {'url': 'https://wordpress.org/plugins/wp-backitup/', 'source': 'security@wordfence.com'}
  • {'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve', 'source': 'security@wordfence.com'}
CWE CWE-352
Summary (en) The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

07 Jan 2025, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-07 05:15

Updated : 2025-01-17 17:15


NVD link : CVE-2024-12208

Mitre link : CVE-2024-12208

CVE.ORG link : CVE-2024-12208


JSON object : View

Products Affected

No product.

CWE

No CWE.