CVE-2024-24706
medium
CVSS v3
4.3
CVSS v4
N/A
VIR risk
4.3
Description
Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM (wp-cfm). This issue affects WP-CFM: from n/a through 1.7.8.
Predictions
Exploit likelihood
53%
Patch ETA
N/A
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: GitHub Security Advisory · CC-BY-4.0
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| forumone | wp-cfm | < 1.7.9 | 1.7.9 |
References
- https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f
- https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWEs
CWE-352