CVE-2024-49275: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Martin Gibson's IdeaPush WordPress plugin, affecting versions up to 8.69. The vulnerability was identified on October 14, 2024, and was assigned CVE-2024-49275. This security issue allows potential attackers to execute Cross-Site Request Forgery attacks against the plugin (Patchstack).

The vulnerability has been assigned CWE-352 (Cross-Site Request Forgery). According to the National Vulnerability Database, the severity assessment shows varying CVSS scores, with NIST rating it as HIGH (8.8) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while Patchstack rates it as MEDIUM (4.3) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered to have a low severity and is unlikely to be exploited (Patchstack).

The vulnerability has been patched in version 8.71 of the IdeaPush plugin. Users are advised to update to version 8.71 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).