CSRF Vulnerability Affects Page Restrict from n/a to 2.5.5
CVE-2024-24702

8.8HIGH

Key Information:

Vendor: WordPress
Status: Page Restrict
Vendor: CVE Published:; 28 February 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Page Restrict plugin developed by Matt Martz and Andy Stratton. This security issue affects all versions from n/a through 2.5.5, allowing attackers to trick users into making unintended actions on the site. Ensuring proper validation and implementing anti-CSRF tokens are crucial steps to mitigate this risk.

Affected Version(s)

Page Restrict <= 2.5.5

References

https://patchstack.com/database/vulnerability/pagerestric...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Jan 26, 2024

Credit

emad (Patchstack Alliance)