Cross-Site Request Forgery Vulnerability in A WP Life Contact Form Widget
CVE-2024-48037
5.4MEDIUM
What is CVE-2024-48037?
A vulnerability exists in the A WP Life Contact Form Widget that allows Cross-Site Request Forgery (CSRF) attacks. This flaw permits malicious actors to exploit logged-in users' sessions to perform unauthorized actions without their consent. The vulnerability impacts versions up to and including 1.4.2, compromising the integrity of user interactions with the contact form. Attackers can exploit this flaw to manipulate data or gain unauthorized access to sensitive information, making it crucial for users to implement appropriate security measures.
Affected Version(s)
Contact Form Widget <= 1.4.2