CVE-2024-24837: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in multiple WordPress plugins developed by Frédéric GILLES: FG PrestaShop to WooCommerce (versions through 4.44.3), FG Drupal to WordPress (versions through 3.67.0), and FG Joomla to WordPress (versions through 4.15.0). The vulnerability was reported on December 10, 2023, and publicly disclosed on February 2, 2024 (Patchstack Drupal).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The issue is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low, with potential impact limited to integrity (Patchstack Drupal).

Users are advised to update to the following fixed versions: FG PrestaShop to WooCommerce version 4.45.0 or later, FG Drupal to WordPress version 3.68.0 or later, and FG Joomla to WordPress version 4.17.0 or later (Patchstack PrestaShop, Patchstack Joomla).