CVE-2024-24875: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Yannick Lefebvre's Link Library WordPress plugin affecting all versions up to and including 7.5.13. The vulnerability was published on February 12, 2024, and was assigned CVE-2024-24875. The issue received a CVSS v3.1 base score of 8.8 (HIGH) from NIST and 4.3 (MEDIUM) from Patchstack (NVD, Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). According to the CVSS v3.1 vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, the vulnerability can be exploited remotely with low attack complexity, requires no privileges, but does need user interaction. The scope is unchanged, with potential high impacts on confidentiality, integrity, and availability (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity of the impact is considered high according to NIST's assessment, with potential compromises to system confidentiality, integrity, and availability (Patchstack).

The vulnerability has been fixed in version 7.6 of the Link Library plugin. Users are advised to update to version 7.6 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).