CVE-2024-6860 — Cross-Site Request Forgery in WP Multitasking

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 74.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ngothang WP Multitasking

Timeline

PublishedApr 9

Description

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶NVDngothang/wp_multitasking0.1.12

🔴Vulnerability Details

CVEList

WP MultiTasking <= 0.1.12 - Permalink Suffix Update via CSRF↗2025-04-09

▶

GHSA

GHSA-qgc3-2f6v-85jf: The WP MultiTasking WordPress plugin through 0↗2025-04-09

▶