CVE-2024-12219

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2024-56017 is likely a duplicate of this issue.

Stop Registration Spam
Stop Registration SpamUNAVAILABLE
<p>This is a simple plugin designed to cut down on automated spam registrations and the emails they produce.</p> <p>The idea is simple: in order to register, users have to answer a question that&#8217;s simple for anyone reading your blog, but impossible for a script being run by a spammer.</p> <p>To install, simply copy stop_registration_spam.php to your Plugins directory. Enable the plugin and an options page will appear under the WordPress Settings menu.</p> <p>In the settings page, enter your question (keep it short), answer (ideally very short) and a hint to display if the user gets it wrong. Save these and they&#8217;ll be used for new registrations.</p> <p>I&#8217;ve been using this plugin for a few months, and it cut spam from dozens a day to none at all. Hope you find it useful. Questions etc welcome on my blog:</p> <p>http://www.tomroyal.com/blog/2012/04/09/stop-wordpress-registration-spam/</p> <p>Tom</p>
WordPress Plugin DirectoryWordPress Plugin Directory
6.75K