Cross-Site Request Forgery Vulnerability in Rara Theme's Lawyer Landing Page
CVE-2024-37503

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Lawyer Landing Page
Vendor: CVE Published:; 2 January 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Lawyer Landing Page product developed by Rara Theme. This vulnerability allows an attacker to perform unauthorized actions on behalf of an authenticated user without their consent. Specifically, this issue affects all versions of the Lawyer Landing Page from n/a up to and including version 1.2.4, creating a potential security risk for sites utilizing this theme. Proper measures must be taken to mitigate the risks associated with this vulnerability, as it can lead to unauthorized transactions or data manipulations.

Affected Version(s)

Lawyer Landing Page <= 1.2.4

References

https://patchstack.com/database/wordpress/theme/lawyer-la...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jun 9, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)