CVE-2024-4218: 
WordPress vulnerability analysis and mitigation

The AffiEasy plugin for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability affecting all versions up to and including 1.1.7. This vulnerability was discovered and reported by Wordfence, with the initial disclosure made on May 30, 2024 (NVD).

The vulnerability stems from the plugin improperly releasing the tagged and patched version, where the vulnerable version is used as the core files while the patched version was included in a 'trunk' folder. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (Wordfence).

The vulnerability allows unauthenticated attackers to perform various actions through forged requests, provided they can trick a site administrator into performing specific actions such as clicking on a malicious link (NVD).

Site administrators running affected versions of the AffiEasy plugin should update to a patched version when available. In the meantime, administrators should exercise caution when clicking on links or performing actions while logged into their WordPress dashboard (NVD).