CVE-2024-12620

State: PUBLISHED · Published: 2025-02-01 · Updated: 2026-04-08 · Assigner: Wordfence

Description

The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'agl_json' AJAX action in all versions up to, and including, 1.4.23. This makes it possible for unauthenticated attackers to update the plugin's settings.

CWE

CWE-862 — CWE-862 Missing Authorization

Affected

creativeinteractivemedia / AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations — v=0 ≤1.4.23 [affected]

CVSS

3.1 score=5.3 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/841a028d-ff36-4e3f-903b-e25951648075?source=cve
https://wordpress.org/plugins/animategl/

Source

cvelistV5-main/cves/2024/12xxx/CVE-2024-12620.json