WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Low priority No impactful threat
<= 1.2.1Vulnerable version(s)
No official fix availableFixed version
25 Apr, 2024 by Patchstack
Get the fastest vulnerability mitigation with Patchstack!
Get startedRisks
CVSS 5.4Note by Patchstack
CVE-2024-3756 is a duplicate of this issue.
User Interaction Required
While this vulnerability can be initiated by the role shown in "Required Privilege", successful exploitation requires a privileged user to perform an action — such as clicking a malicious link, visiting a crafted page, or submitting a form.
5.4
Cross Site Request Forgery (CSRF)
This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication.
CVSS score is a way to evaluate and rank reported vulnerabilities in a standardized and repeatable way but which is not ideal for WordPress.
Solutions
This security issue has a low severity impact and is unlikely to be exploited.
Details
Have additional information or questions about this entry? Let us know.
Timeline
2 Oct, 2023
Early warning sent out to Patchstack customers
25 Apr, 2024
Published by Patchstack
25 Apr, 2024