CVE-2024-6853

Severity CVSS v4.0:
Pending analysis
Type:
CWE-352 Cross-Site Request Forgery (CSRF)
Publication date:
08/09/2024
Last modified:
11/09/2024

Description

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating welcome popups, which could allow attackers to make logged admins perform such action via a CSRF attack

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:ngothang:wp_multitasking:*:*:*:*:*:wordpress:*:* 0.1.12 (including)