CVE-2024-37540: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress Leaky Paywall plugin, affecting versions up to 4.21.2. The vulnerability was reported on February 21, 2024, by security researcher Ananda Dhakal and was assigned the identifier CVE-2024-37540. The issue was publicly disclosed on July 6, 2024, and has been fixed in version 4.21.3 (Patchstack Database).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It received a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This scoring indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (Patchstack Database).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low priority, and the impact is unlikely to be widely exploited (Patchstack Database).

The vulnerability has been patched in version 4.21.3 of the Leaky Paywall plugin. Users are advised to update to version 4.21.3 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack Database).