CVE-2024-12385

6.1 MEDIUM

📋 TL;DR

The WP Abstracts WordPress plugin has a Cross-Site Request Forgery vulnerability that allows attackers to trick administrators into performing unauthorized actions. This could lead to deletion of abstracts or injection of malicious scripts. All WordPress sites using WP Abstracts versions up to 2.7.2 are affected.

💻 Affected Systems

Products:
  • WP Abstracts Manuscripts Manager WordPress Plugin
Versions: All versions up to and including 2.7.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with WP Abstracts plugin enabled. Only affects sites where administrators can be tricked into clicking malicious links.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete all abstracts or inject persistent malicious scripts that compromise the entire WordPress site and its visitors.

🟠 Likely Case

Attackers trick administrators into clicking malicious links that delete specific abstracts or inject temporary malicious content.

🟢 If Mitigated

With proper CSRF protections and user awareness, the risk is minimal, as exploitation requires administrator interaction.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires social engineering to trick an administrator, but the technical complexity is low once the malicious link is clicked.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.7.3 or later

Vendor Advisory: https://wordpress.org/plugins/wp-abstracts-manuscripts-manager/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find WP Abstracts Manuscripts Manager.
4. Click 'Update Now' if available.
5. Alternatively, download version 2.7.3+ from WordPress.org and manually update.

🔧 Temporary Workarounds

Disable WP Abstracts Plugin (applies to: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate wp-abstracts-manuscripts-manager

Add CSRF Protection Manually (applies to: all)

Add nonce validation to the vulnerable functions in the plugin code: edit abstracts.manage.php lines 148 and 205 to add wp_verify_nonce() checks.
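The shape such a nonce check takes in a WordPress admin-ajax handler, as an added example that is not the plugin's own code (the handler, helper and table names prefixed example_ are hypothetical; only the action name wpabstracts_delete_abstracts and the _wpnonce parameter come from this advisory). WordPress nonces are bound to an action, the current user and their session, and expire, so a page on another origin cannot obtain one to forge the request. The capability check sits alongside the nonce check because a CSRF token authenticates the request's origin, not the user's authorization.

```php
<?php
// Added example, not the plugin's code: a hardened admin-ajax handler that
// refuses requests lacking a valid nonce. Names prefixed "example_" are
// hypothetical; the action name and _wpnonce parameter are from the advisory.

// Server side: register the action for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_wpabstracts_delete_abstracts', 'example_delete_abstracts_handler' );

function example_delete_abstracts_handler() {
    // Authorization first: a CSRF token never replaces a capability check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    // CSRF check: check_ajax_referer() wraps wp_verify_nonce() and, with its
    // default $die = true, ends the request with HTTP 403 when the nonce is
    // missing, expired, or was issued for another action or user.
    check_ajax_referer( 'wpabstracts_delete_abstracts', '_wpnonce' );

    // Equivalent explicit form, if you want a custom error body instead:
    // $nonce = isset( $_POST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) ) : '';
    // if ( ! wp_verify_nonce( $nonce, 'wpabstracts_delete_abstracts' ) ) {
    //     wp_send_json_error( 'invalid or missing nonce', 403 );
    // }

    // Only now read and sanitize the input.
    $ids = isset( $_POST['ids'] ) ? array_map( 'absint', (array) $_POST['ids'] ) : array();
    $ids = array_filter( $ids ); // drop zero / non-numeric entries
    if ( empty( $ids ) ) {
        wp_send_json_error( 'no abstract ids supplied', 400 );
    }

    // example_delete_abstract_rows() stands in for the plugin's own deletion logic.
    $deleted = example_delete_abstract_rows( $ids );
    wp_send_json_success( array( 'deleted' => $deleted ) );
}

function example_delete_abstract_rows( array $ids ) {
    global $wpdb;
    $table        = $wpdb->prefix . 'example_abstracts'; // hypothetical table name
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    // $wpdb->prepare() accepts the values as an array for the placeholders.
    return (int) $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE id IN ({$placeholders})", $ids )
    );
}

// Client side: hand the nonce to the plugin's own admin script so legitimate
// requests can send it; a cross-origin page has no way to read this value.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-abstracts-admin', 'exampleAbstracts', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'wpabstracts_delete_abstracts' ),
    ) );
} );
```

The same pattern applies to the wpabstracts_load_status action named in the detection section below: one nonce action string per endpoint, created with wp_create_nonce() where the request is built and verified with check_ajax_referer() or wp_verify_nonce() before any state changes.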

🧯 If You Can't Patch

  • Implement strict Content Security Policy headers to limit script execution
  • Use WordPress security plugins that add additional CSRF protection layers

🔍 How to Verify

Check if Vulnerable:

Check WP Abstracts plugin version in WordPress admin under Plugins → Installed Plugins

Check Version:

wp plugin get wp-abstracts-manuscripts-manager --field=version

Verify Fix Applied:

Verify plugin version is 2.7.3 or higher and check that nonce validation exists in abstracts.manage.php

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to wp-admin/admin-ajax.php with action=wpabstracts_load_status or wpabstracts_delete_abstracts
  • Multiple abstract deletions in short time period

Network Indicators:

  • HTTP requests with missing or invalid _wpnonce parameter to vulnerable endpoints

SIEM Query:

source="wordpress.log" AND (action="wpabstracts_load_status" OR action="wpabstracts_delete_abstracts") AND NOT _wpnonce=*
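The same indicator expressed as code, as an added example that is not part of this advisory: a short PHP script that scans activity-log lines for the two WP Abstracts AJAX actions and flags any request that carries no _wpnonce value. The key="value" line format and the sample lines are constructed for the example; adapt parse_kv_line() to whatever your WordPress activity log actually emits. It flags a missing or empty nonce only; a nonce that is present but invalid can only be judged by WordPress itself via wp_verify_nonce().

```php
<?php
// Added example, not from the advisory: offline scan of constructed log lines
// for WP Abstracts AJAX requests that arrive without a _wpnonce parameter.

/**
 * Parse one key="value" log line into an associative array.
 * The format is a constructed stand-in for a real activity-log format.
 */
function parse_kv_line( string $line ): array {
    $fields = array();
    if ( preg_match_all( '/(\w+)="([^"]*)"/', $line, $matches, PREG_SET_ORDER ) ) {
        foreach ( $matches as $pair ) {
            $fields[ $pair[1] ] = $pair[2];
        }
    }
    return $fields;
}

/**
 * Return the lines matching the advisory's indicator: a watched WP Abstracts
 * action with a missing or empty _wpnonce field.
 */
function find_nonceless_wpabstracts_requests( array $lines ): array {
    $watched = array( 'wpabstracts_load_status', 'wpabstracts_delete_abstracts' );
    $hits    = array();
    foreach ( $lines as $line ) {
        $f = parse_kv_line( $line );
        if ( ! isset( $f['action'] ) || ! in_array( $f['action'], $watched, true ) ) {
            continue; // unrelated AJAX action
        }
        if ( ! isset( $f['_wpnonce'] ) || '' === $f['_wpnonce'] ) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample lines (timestamps, addresses and nonce values are made up).
$sample = array(
    'ts="2024-12-20T10:01:02Z" src="203.0.113.7" method="POST" uri="/wp-admin/admin-ajax.php" action="wpabstracts_delete_abstracts" _wpnonce="1a2b3c4d5e" user="editor"',
    'ts="2024-12-20T10:03:15Z" src="198.51.100.9" method="POST" uri="/wp-admin/admin-ajax.php" action="wpabstracts_delete_abstracts" user="admin"',
    'ts="2024-12-20T10:03:16Z" src="198.51.100.9" method="POST" uri="/wp-admin/admin-ajax.php" action="wpabstracts_load_status" _wpnonce="" user="admin"',
    'ts="2024-12-20T10:04:00Z" src="192.0.2.5" method="POST" uri="/wp-admin/admin-ajax.php" action="heartbeat" user="admin"',
);

// Expect the second and third lines to be reported.
foreach ( find_nonceless_wpabstracts_requests( $sample ) as $hit ) {
    echo 'ALERT missing nonce: ', $hit, PHP_EOL;
}
```

Run it with php scan.php (assumed filename) against a file of exported lines by replacing $sample with file( 'activity.log', FILE_IGNORE_NEW_LINES ). The "multiple deletions in a short period" indicator above is a separate rate check keyed on src and ts that this script does not implement.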
