CVE-2024-12620: CWE-862 Missing Authorization in creativeinteractivemedia AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations
CVE-2024-12620 is a medium severity vulnerability affecting the AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin. It arises from a missing authorization check on the 'agl_json' AJAX action, allowing unauthenticated attackers to modify plugin settings. The vulnerability affects all versions up to and including 1.4.23. Exploitation requires neither user interaction nor authentication and can be performed remotely over the network. The vulnerability does not impact confidentiality or availability, but it compromises integrity through unauthorized modification of plugin configuration. No exploitation in the wild has been reported. Organizations using this plugin should prioritize patching or applying the mitigations below to prevent unauthorized changes that could lead to further compromise or disruption of site functionality.
AI Analysis
Technical Summary
CVE-2024-12620 is a vulnerability classified under CWE-862 (Missing Authorization) in the AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin, developed by creativeinteractivemedia. The flaw exists because the plugin does not perform a capability check in the handler for the 'agl_json' AJAX action, which is responsible for handling certain plugin settings updates. In WordPress, AJAX actions are dispatched through wp-admin/admin-ajax.php; the fact that unauthenticated attackers can reach this one means the handler is exposed on the unauthenticated (nopriv) path as well, and without a current_user_can() check inside it a single crafted request is enough to change the plugin's settings, with no authentication or user interaction. The vulnerability affects all versions up to and including 1.4.23. The CVSS v3.1 base score is 5.3 (medium), corresponding to the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N: network-reachable, low attack complexity, no privileges, no user interaction, a low integrity impact and no confidentiality or availability impact. Although no public exploits are known, the vulnerability could be used to alter plugin behaviour, for example to disrupt animation features or, if any writable setting is rendered into pages without sanitisation, to inject persistent malicious content. The root cause is a common oversight in WordPress plugin development: an AJAX endpoint is exposed without an authorization check. A nonce check, where present, is not a substitute, because nonces defend against cross-site request forgery and say nothing about what the caller is permitted to do.
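The pattern behind this class of bug, and its fix, as an added illustration that is not the AnimateGL plugin's code: the handler below is a hypothetical reconstruction of a settings-saving AJAX endpoint. Only the action name 'agl_json' comes from the advisory; the option name, the nonce action, the setting keys and the script handle are invented for the example. The vulnerable registration is shown in comments so that the file never exposes a live unauthenticated endpoint when dropped into a test site.

```php
<?php
/**
 * Illustrative reconstruction of the CWE-862 pattern described for CVE-2024-12620.
 * NOT the vendor's code: a hypothetical handler showing the defect class and its fix.
 * Only the action name 'agl_json' is taken from the advisory; everything else is made up.
 */

// --- Vulnerable pattern -----------------------------------------------------
// The handler writes an option straight from request input and never asks who the
// caller is. Registering it on the *_nopriv_* hook exposes it to anonymous visitors.
function agl_example_vulnerable_handler() {
    $settings = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    update_option( 'agl_example_settings', $settings ); // anyone reaching admin-ajax.php wins
    wp_send_json_success();
}
// add_action( 'wp_ajax_agl_json',        'agl_example_vulnerable_handler' );
// add_action( 'wp_ajax_nopriv_agl_json', 'agl_example_vulnerable_handler' ); // <- the exposure

// --- Hardened pattern -------------------------------------------------------
function agl_example_hardened_handler() {
    // 1. Authorization: the control CWE-862 says is missing. Changing plugin settings
    //    is an administrative act, so require the capability that guards site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 ); // wp_send_json_* ends in wp_die()
    }

    // 2. CSRF protection: an authorized admin must not be tricked into sending this
    //    request by another site. check_ajax_referer() dies with 403 on a bad/missing nonce.
    check_ajax_referer( 'agl_example_save_settings', 'nonce' );

    // 3. Input validation: decode the JSON payload, then keep only known keys, sanitised.
    $raw     = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    $decoded = json_decode( $raw, true );
    if ( ! is_array( $decoded ) ) {
        wp_send_json_error( array( 'message' => 'invalid settings payload' ), 400 );
    }
    $allowed = array( 'duration', 'easing', 'enabled' ); // hypothetical setting keys
    $clean   = array();
    foreach ( $allowed as $key ) {
        if ( array_key_exists( $key, $decoded ) ) {
            $clean[ $key ] = sanitize_text_field( (string) $decoded[ $key ] );
        }
    }

    update_option( 'agl_example_settings', $clean );
    wp_send_json_success( $clean );
}
// Registered for logged-in users only. There is deliberately no *_nopriv_* registration:
// an unauthenticated request to action=agl_json now gets admin-ajax.php's default "0" reply.
add_action( 'wp_ajax_agl_json', 'agl_example_hardened_handler' );

// The admin-side script (hypothetical admin.js shipped with the plugin) needs the nonce
// that step 2 verifies. It is minted server-side, per user and per action.
function agl_example_enqueue_admin() {
    wp_enqueue_script( 'agl-example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'agl-example-admin', 'aglExample', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'agl_example_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'agl_example_enqueue_admin' );
```

The order of the checks matters less than their presence: the capability check establishes who may act, the nonce check establishes that the request originated from the plugin's own admin page, and the allow-list limits what an authorized caller can write. Dropping either of the first two reintroduces a vulnerability, missing authorization in one case and CSRF in the other.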
Potential Impact
The primary impact of this vulnerability is unauthorized modification of plugin settings, which compromises the integrity of the affected WordPress site's animation configuration. Attackers could manipulate animations or related settings, degrading the user experience, defacing pages, or enabling follow-on attacks such as cross-site scripting (XSS) if any altered setting is rendered into pages in a way that allows script injection. Although confidentiality and availability are not directly impacted, the integrity compromise undermines trust in the website and its content. For organizations relying on this plugin, especially on high-traffic or customer-facing WordPress sites, this could mean reputational damage, loss of user trust, and compliance exposure where the site falls under regulatory requirements. Because exploitation requires no authentication and can be performed remotely, the attack surface covers every Internet-reachable site running a vulnerable version.
Mitigation Recommendations
1. Patch: update the AnimateGL Animations plugin to a release that fixes this issue as soon as the vendor publishes one; all versions up to and including 1.4.23 are affected, so any install at or below that version must be treated as vulnerable. Watch the vendor's changelog and the Wordfence advisory for the fixed version.
2. Temporary access restrictions: until the patch is applied, block the 'agl_json' action at the edge. In WordPress the action is normally reached as a request to /wp-admin/admin-ajax.php carrying action=agl_json, so a WAF or web-server rule that rejects such requests when no wordpress_logged_in_* cookie is present cuts off unauthenticated access without affecting administrators. Test on staging first: if the plugin's front end legitimately calls the same action anonymously, the rule will break it.
3. Audit plugin settings: after patching, compare the plugin's stored options with a known-good export (WP-CLI's `wp option list` is convenient) and restore anything that differs; a configuration change made before the patch persists after it.
4. Monitor logs: review web-server access logs for POST requests to admin-ajax.php with action=agl_json, particularly from clients without a login cookie, and alert on them; correlate hits with unexpected changes to the plugin's options.
5. Harden WordPress generally: apply least privilege to user roles, remove plugins that are not needed, and keep core, themes and plugins updated to reduce the overall attack surface.
6. If patching is not feasible promptly, deactivate or replace the plugin, especially on high-traffic or business-critical sites; a deactivated plugin registers no hooks, so its admin-ajax endpoint stops responding.
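One way to implement the temporary restriction from step 2 inside WordPress itself rather than at the WAF, as an added example that is not part of the advisory or the vendor's code: a must-use plugin that pre-empts the vulnerable handler. It assumes, which the advisory does not confirm, that the action is dispatched through admin-ajax.php (hooks 'wp_ajax_agl_json' and 'wp_ajax_nopriv_agl_json') and that the plugin's own callback is registered at a priority above PHP_INT_MIN. The log format and the file name are the example's own choices.

```php
<?php
/**
 * Plugin Name: Virtual patch for CVE-2024-12620 (agl_json authorization)
 * Description: Stop-gap for wp-content/mu-plugins/ until the vendor fix is installed.
 *
 * Added example, not vendor code. Must-use plugins load before ordinary plugins, so
 * these callbacks are registered before the AnimateGL handler and, at the lowest
 * possible priority value, run before it. wp_send_json_error() ends in wp_die(),
 * which is what prevents the later, vulnerable callback from ever executing.
 *
 * Assumptions: the action goes through admin-ajax.php, and the plugin's handler is not
 * itself hooked at PHP_INT_MIN. If the plugin also serves legitimate anonymous
 * front-end requests on this action, the nopriv block below will break them: verify
 * on staging before deploying.
 */

const AGL_VPATCH_ACTION = 'agl_json';

// Leave an audit trail in the PHP error log so blocked attempts reach monitoring (step 4).
function agl_vpatch_log( $message ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ) : 'unknown';
    error_log( sprintf( '[agl-vpatch] %s action=%s ip=%s', $message, AGL_VPATCH_ACTION, $ip ) );
}

// admin-ajax.php fires the *_nopriv_* hook only when no user is logged in, so every
// request arriving here is, by construction, unauthenticated: refuse it outright.
function agl_vpatch_deny_unauthenticated() {
    agl_vpatch_log( 'denied unauthenticated request' );
    wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
}
add_action( 'wp_ajax_nopriv_' . AGL_VPATCH_ACTION, 'agl_vpatch_deny_unauthenticated', PHP_INT_MIN );

// Logged-in users still need the capability that a settings change deserves; a
// subscriber-level account must not be able to reconfigure the plugin either.
function agl_vpatch_require_capability() {
    if ( ! current_user_can( 'manage_options' ) ) {
        agl_vpatch_log( 'denied user ' . get_current_user_id() . ' lacking manage_options' );
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }
    // Otherwise fall through: the plugin's own handler runs next at its normal priority.
}
add_action( 'wp_ajax_' . AGL_VPATCH_ACTION, 'agl_vpatch_require_capability', PHP_INT_MIN );
```

After installing the file, confirm it is effective by sending an anonymous POST to /wp-admin/admin-ajax.php with action=agl_json and checking for the 403 JSON error and the corresponding error_log line; if the plugin reaches its handler through a different route, such as a REST endpoint, these hooks never fire and the WAF rule from step 2 remains necessary.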
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Brazil, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-12-13T14:33:15.856Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e46b7ef31ef0b59c129
Added to database: 2/25/2026, 9:48:54 PM
Last enriched: 2/26/2026, 3:15:42 AM
Last updated: 2/26/2026, 6:54:53 AM