Cross-Site Request Forgery Vulnerability in FameThemes OnePress Theme
CVE-2024-37448
4.3MEDIUM
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the FameThemes OnePress theme, allowing attackers to perform unauthorized actions on behalf of authenticated users. This could lead to security breaches and misuse of user privileges. Affected versions of the OnePress theme range from n/a up to 2.3.6. Users are urged to take precautions to secure their sites against this vulnerability.
Affected Version(s)
OnePress <= 2.3.6
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Dhabaleshwar Das (Patchstack Alliance)