CVE-2024-49272: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in WPWeb Social Auto Poster WordPress plugin, affecting versions up to 5.3.15. The vulnerability was identified on October 14, 2024, and was assigned CVE-2024-49272. This security issue allows potential attackers to execute Cross-Site Request Forgery attacks against users of the affected plugin (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it with a score of 4.3 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction but does not require authentication to exploit (Patchstack).

The vulnerability has been patched in version 5.3.16 of the Social Auto Poster plugin. Users are advised to update to this version or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).