cleantalk
Vulnerabilities and Security Researches

Nested Pages, CVE-2024-5943

CVE, Research URL

CVE-2024-5943

Home page URL

Security reports for Nested Pages

Application

Nested Pages

Published on
Jul 04, 2024
Research Description
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for unauthenticated attackers to call local php files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 3.2.8.
Status
vulnerable
Previous vulnerability researches
Nested Pages (CVE-2024-5943) , Jul 06, 2024
Nested Pages (CVE-2025-24579) , Jan 25, 2025
Nested Pages (CVE-2025-0718) , May 08, 2025
Nested Pages (CVE-2023-49195) , Jun 07, 2024
Nested Pages (CVE-2021-38343) , Jun 07, 2024
New vulnerability
CBX Map for Google Map & OpenStreetMap (CVE-2025-47669) , May 09, 2025
Bold Page Builder (CVE-2025-47488) , May 09, 2025
Bold Page Builder (CVE-2025-47525) , May 09, 2025
Blocksy (CVE-2025-47465) , May 08, 2025
Ultimate Blocks – WordPress Blocks Plugin (CVE-2025-47493) , May 08, 2025