CVE-2024-49290: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Gora Tech LLC's Cooked Pro WordPress plugin affecting versions before 1.8.0. The vulnerability was reported on October 20, 2024, and received a CVSS v3.1 base score of 8.8 (HIGH) from NIST NVD, while Patchstack assessed it with a CVSS score of 4.3 (MEDIUM) (NVD, Patchstack).

The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and allows attackers to perform cross-site request forgery attacks against users of the Cooked Pro WordPress plugin. The issue received varying severity assessments, with NIST NVD assigning a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (8.8 HIGH), while Patchstack assessed it with CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (4.3 MEDIUM) (NVD).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires user interaction and can potentially lead to unauthorized actions being performed on behalf of authenticated users (Patchstack).

The vulnerability has been fixed in version 1.8.0 of the Cooked Pro plugin. Users are advised to update to version 1.8.0 or later to remove the vulnerability (Patchstack).