CSRF Vulnerability in Valve Automatic
CVE-2024-32693

7.6HIGH

Key Information:

Vendor: WordPress
Status: Automatic
Vendor: CVE Published:; 22 April 2024

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the ValvePress Automatic Plugin, affecting versions prior to 3.93.0. This security flaw could allow an attacker to perform unauthorized actions on behalf of a logged-in user without their consent. Exploiting this vulnerability could lead to a variety of malicious activities, including content modification or unauthorized data exposure, posing significant risks to website integrity and user security. Users are recommended to update to the latest version of the plugin to mitigate these risks.

Affected Version(s)

Automatic < 3.93.0

References

https://patchstack.com/database/vulnerability/wp-automati...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

Rafie Muhammad (Patchstack)