CVE-2024-6852

CWE-352Cross-Site Request Forgery (CSRF)3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 64.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown WP MultitaskingNgothang WP Multitasking
Timeline
PublishedSep 8

Description

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/wp_multitasking0.1.12

🔴Vulnerability Details

2
CVEList
WP MultiTasking <= 0.1.12 - Settings Update via CSRF2024-09-08
GHSA
GHSA-q7wh-m245-cv47: The WP MultiTasking WordPress plugin through 02024-09-08
CVE-2024-6852 (MEDIUM CVSS 4.3) | The WP MultiTasking WordPress plugi | cvebase.io