Heureka CSRF Vulnerability Affects Users
CVE-2024-25931

8.8 HIGH

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 29 February 2024

What is CVE-2024-25931?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Heureka Group plugin for WordPress. This vulnerability allows attackers to perform actions on behalf of authenticated users without their consent, which could lead to unauthorized access or manipulation of user data. The affected versions range from an unspecified release up to 1.0.8. Users of affected versions are advised to implement necessary mitigations and updates to ensure their systems remain secure.

Affected Version(s)

Heureka <= 1.0.8

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)