CVE-2024-12208

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

17 Jan 2025, 17:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : unknown
References	~~{'url': 'https://wordpress.org/plugins/wp-backitup/', 'source': 'security@wordfence.com'}~~ ~~{'url': 'https://www.wordfence.com/threat-intel/vulnerabilities/id/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve', 'source': 'security@wordfence.com'}~~
CWE	~~CWE-352~~
Summary	(en) The Backup and Restore WordPress – Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	(en) Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

07 Jan 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-07 05:15

Updated : 2025-01-17 17:15

NVD link : CVE-2024-12208

Mitre link : CVE-2024-12208

CVE.ORG link : CVE-2024-12208

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-12208

Attach tags to `CVE-2024-12208`