CVE-2024-6860

Summary

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

Affected Software

VendorProductVersion RangeStatus
UnknownWP MultiTasking0 <= 0.1.12affected

Weaknesses

  • CWE-352 Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References