CVE-2024-13512 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Wonder FontAwesome plugin for WordPress, maintained by edigermatthew. This vulnerability exists in all versions up to and including 0.8 due to missing or incorrect nonce validation on one of the plugin's functions. Nonces in WordPress are security tokens used to verify that requests are intentional and originate from legitimate users. The absence or improper implementation of nonce checks allows an attacker to craft malicious requests that, if executed by an authenticated administrator (via clicking a link or visiting a malicious page), can update plugin settings or inject malicious web scripts. This can lead to unauthorized changes in site configuration and potential cross-site scripting (XSS) attacks, compromising site confidentiality and integrity. The vulnerability requires no prior authentication but does require user interaction (an admin clicking a malicious link). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity with no impact on availability. No patches or fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability was published on January 30, 2025, and assigned by Wordfence. Given the plugin's integration with WordPress, a widely used CMS, this vulnerability poses a moderate risk to affected sites.

The primary impact of this vulnerability is unauthorized modification of plugin settings and potential injection of malicious scripts, which can lead to compromised site integrity and confidentiality. Attackers can leverage this to conduct further attacks such as persistent cross-site scripting (XSS), potentially stealing sensitive user data or hijacking administrator sessions. Although availability is not directly affected, the integrity and confidentiality breaches can damage organizational reputation and user trust. Since the exploit requires an administrator to interact with a malicious link, social engineering is a key component, increasing the risk for organizations with less security-aware administrators. The vulnerability affects all sites using the Wonder FontAwesome plugin up to version 0.8, which could be widespread given WordPress's global popularity. Organizations relying on this plugin for site aesthetics or functionality may face increased risk of targeted attacks, especially if they do not implement additional security controls or timely updates.

1. Immediately update the Wonder FontAwesome plugin to a version that includes proper nonce validation once available. 2. If no patch is available, implement manual nonce checks in the plugin code to validate all state-changing requests. 3. Educate site administrators about the risks of clicking unknown or suspicious links, especially when logged into administrative accounts. 4. Employ Web Application Firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting WordPress plugins. 5. Restrict administrative access to trusted IP addresses or use multi-factor authentication to reduce the risk of compromised admin sessions. 6. Regularly audit plugin settings and site content for unauthorized changes or injected scripts. 7. Consider disabling or removing the Wonder FontAwesome plugin if it is not essential to reduce the attack surface. 8. Monitor security advisories from the plugin vendor and WordPress security teams for updates or patches.