Cross-Site Request Forgery Vulnerability in Apollo13Themes Rife Free
CVE-2024-37491

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Rife Free
Vendor: CVE Published:; 2 January 2025

What is CVE-2024-37491?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rife Free theme developed by Apollo13Themes. This security flaw allows an attacker to trick users into executing unwanted actions on the WordPress site, leading to potential unauthorized functions being performed. The issue impacts all versions of Rife Free from unknown to 2.4.18, highlighting the importance of ensuring that this theme is updated to a secure version. Users are advised to apply necessary patches and adhere to security best practices to mitigate this identified risk.

Affected Version(s)

Rife Free <= 2.4.18

References

https://patchstack.com/database/wordpress/theme/rife-free...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jun 9, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)