VYPR
Medium severity · 6.1 · NVD Advisory · Published Jan 21, 2025 · Updated Apr 15, 2026

CVE-2024-13444

Description

The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The wp-greet plugin ≤6.2 lacks CSRF protection, allowing unauthenticated attackers to update settings and inject web scripts via forged requests.

Vulnerability Overview

The wp-greet WordPress plugin, up to and including version 6.2, is vulnerable to Cross-Site Request Forgery (CSRF). This arises from missing or incorrect nonce validation on a function that handles settings updates and potentially other actions [1]. CSRF attacks rely on tricking an authenticated administrator into performing an unintended action, such as clicking a malicious link.

Attack Vector

An unauthenticated attacker can craft a forged HTTP request that modifies plugin settings. To achieve this, the attacker must lure a logged-in site administrator into triggering the request, for example by clicking a link in a phishing email or while visiting a compromised site [1]. Because the nonce is missing or not validated correctly, the server cannot tell the forged request apart from one the administrator intended to send.

Impact

Successful exploitation allows the attacker to change the plugin's configuration and, critically, inject malicious web scripts (stored XSS) into the admin interface or pages. This can lead to further compromise of the WordPress site, such as privilege escalation, data theft, or defacement [1]. The CVSS v3 base score is 6.1 (Medium), reflecting significant but non-critical impact.

Mitigation

The vulnerability affects all versions up to and including 6.2. Users should update to a patched version as soon as it becomes available. If no update is provided, consider disabling the plugin or implementing a Web Application Firewall (WAF) rule to detect or block CSRF-like behaviour [1]. No workaround is documented in the plugin's description.
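For reference when reviewing a fixed release or a similar plugin, this is the general shape of a WordPress settings handler with the nonce validation that the overview describes as missing. It is an added example, not wp-greet's code: the `example_greet_*` function names, option name, action name and admin page slug are hypothetical.

```php
<?php
// Added example for a hypothetical plugin "example-greet".
// None of these identifiers come from wp-greet.

// Render the settings form with a nonce bound to one specific action.
function example_greet_render_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    $message = get_option( 'example_greet_message', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_greet_save">
        <?php wp_nonce_field( 'example_greet_save', 'example_greet_nonce' ); ?>
        <input type="text" name="example_greet_message"
               value="<?php echo esc_attr( $message ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Handle the POST. A handler that omits step 2 accepts any request that
// arrives with the administrator's session cookie: the CSRF condition.
function example_greet_save_settings() {
    // 1. Authorization: only administrators may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: terminates the request unless it carries a valid nonce
    //    for this exact action, issued to this user's session.
    check_admin_referer( 'example_greet_save', 'example_greet_nonce' );

    // 3. Input handling: strip markup so the stored value cannot carry script.
    $raw = isset( $_POST['example_greet_message'] )
        ? wp_unslash( $_POST['example_greet_message'] )
        : '';
    update_option( 'example_greet_message', sanitize_text_field( $raw ) );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-greet&updated=1' ) );
    exit;
}
add_action( 'admin_post_example_greet_save', 'example_greet_save_settings' );
```

The capability check and the nonce check cover different failures: the first stops users without the right role, the second stops requests the administrator's browser was tricked into sending. Sanitizing on save and escaping on output limits what a stored setting can do if either check is bypassed.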

References
  1. wp-greet

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0. No patches discovered yet.
