CVE-2024-24884: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in ARI Soft Contact Form 7 Connector affecting versions through 1.2.2. The vulnerability was disclosed on February 5, 2024, and assigned CVE-2024-24884. This security issue affects the WordPress plugin Contact Form 7 Connector and received a CVSS v3.1 base score of 4.3 (Medium) from Patchstack, while the NVD assessment rated it at 8.8 (High) (Patchstack, NVD).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery). According to the CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N assigned by Patchstack, the vulnerability requires user interaction, has network attack vector, low attack complexity, and requires no privileges to exploit (Patchstack).

The CSRF vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The impact is primarily focused on integrity with limited potential for damage, as indicated by the CVSS metrics (Patchstack).

The vulnerability has been fixed in version 1.2.3 of the Contact Form 7 Connector plugin. Users are advised to update to version 1.2.3 or later to remove the vulnerability (Patchstack).