Cross-Site Request Forgery Vulnerability in Rara Theme Construction Landing Page
CVE-2024-37508

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Construction Landing Page
Vendor: CVE Published:; 2 January 2025

Summary

A vulnerability exists in the Rara Theme's Construction Landing Page that allows attackers to exploit the Cross-Site Request Forgery (CSRF) flaw. This potentially enables unauthorized actions to be performed on behalf of authenticated users, compromising the security and integrity of the website. Affected versions include any prior to 1.3.5, necessitating timely updates to mitigate these risks.

Affected Version(s)

Construction Landing Page <= 1.3.5

References

https://patchstack.com/database/wordpress/theme/construct...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 2, 2025
Vulnerability Reserved
Jun 9, 2024

Credit

Dhabaleshwar Das (Patchstack Alliance)