Cross-Site Request Forgery (CSRF) Vulnerability in WordPress Image SEO
CVE-2024-49627
8.8HIGH
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Noor Alam WordPress Image SEO plugin. This security flaw allows attackers to perform unauthorized actions on behalf of a legitimate user without their consent. Affected users of versions prior to 1.1.4 are at risk, as the issue enables exploitation of the plugin's functionality. As always, securing WordPress installations against such vulnerabilities is critical to maintaining the integrity and confidentiality of user data.
Affected Version(s)
WordPress Image SEO <= 1.1.4
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)