CVE-2024-13709: 
WordPress vulnerability analysis and mitigation

The Linear plugin for WordPress has been identified with a Cross-Site Request Forgery (CSRF) vulnerability, tracked as CVE-2024-13709. This security issue affects all versions up to and including 2.8.1, with the vulnerability being disclosed on January 24, 2025. The vulnerability stems from missing or incorrect nonce validation on the 'linear-debug' functionality (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access, has low attack complexity, requires no privileges, but does need user interaction. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD, Wordfence).

The vulnerability allows unauthenticated attackers to reset the plugin's cache through a forged request, provided they can successfully trick a site administrator into performing specific actions, such as clicking on a malicious link (NVD).

The vulnerability exists in versions up to and including 2.8.1 of the Linear WordPress plugin. Website administrators should ensure they are running the latest version of the plugin that includes the security fix (NVD).