CVE-2024-12620: 
WordPress vulnerability analysis and mitigation

The AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin for WordPress contains a vulnerability (CVE-2024-12620) related to unauthorized modification of data. The vulnerability affects all versions up to and including 1.4.23, and was discovered and disclosed on January 31, 2025. The plugin has been temporarily closed pending a full security review (WordPress Plugin, Wordfence Advisory).

The vulnerability stems from a missing capability check on the 'agl_json' AJAX action, which creates a security weakness classified as CWE-862 (Missing Authorization). The vulnerability has been assigned a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (NVD Database).

The vulnerability allows unauthenticated attackers to update the plugin's settings. This unauthorized access to plugin configuration could potentially affect the website's appearance and functionality through manipulation of animation settings (NVD Database).

As of January 31, 2025, the plugin has been temporarily closed and is not available for download pending a full security review. Users are advised to consider alternative animation plugins until a patched version is released (WordPress Plugin).