Cross-Site Request Forgery (CSRF) Vulnerability in Gora Tech LLC Cooked Pro
CVE-2024-49290

8.8HIGH

Key Information:

Vendor: WordPress
Status: Cooked Pro
Vendor: CVE Published:; 20 October 2024

What is CVE-2024-49290?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Gora Tech LLC's Cooked Pro product, allowing malicious actors to exploit actions on behalf of authenticated users without their consent. This vulnerability affects versions of Cooked Pro prior to 1.8.0, emphasizing the importance of applying security patches to mitigate the risk of unauthorized actions occurring within the application.

Affected Version(s)

Cooked Pro < 1.8.0

References

https://patchstack.com/database/vulnerability/cooked-pro/...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

RE-ALTER (Patchstack Alliance)

WordPress

What is CVE-2024-49290?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit