CVE-2024-38691: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects Metorik – Reports & Email Automation for WooCommerce plugin versions through 1.7.1. The vulnerability was discovered by Majed Refaea and was assigned CVE-2024-38691. The issue was published on July 10, 2024, and has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) (Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) with a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network accessible, requires low attack complexity, needs no privileges, requires user interaction, has a scope that's unchanged, and can impact integrity with low severity while having no impact on confidentiality or availability (NVD).

The CSRF vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered low severity due to the required user interaction and limited potential for damage (Patchstack).

The vulnerability has been fixed in version 1.7.2 of the Metorik plugin. Users are advised to update to version 1.7.2 or later to remove the vulnerability (Patchstack).