CVE-2024-49274: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the VOD Infomaniak WordPress plugin, affecting versions up to 1.5.7. The vulnerability was reported on August 24, 2024, and publicly disclosed on October 14, 2024. This security issue impacts the VOD Infomaniak plugin, which is developed by Infomaniak Network (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CVE-2024-49274. It received varying CVSS scores, with the NVD assigning a base score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack assessed it at 5.4 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered low and is unlikely to be exploited (Patchstack).

The vulnerability has been patched in version 1.5.8 of the VOD Infomaniak plugin. Users are advised to update to version 1.5.8 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).