CVE-2024-53716: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WordPress plugin 'wp auto top' affecting versions through 2.9.3. The vulnerability was reported by researcher SOPROBRO on October 19, 2024, and was publicly disclosed on November 22, 2024. The vulnerability has been assigned CVE-2024-53716 and allows for Stored Cross-Site Scripting (XSS) attacks (Patchstack Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit, though it does require user interaction. The technical assessment indicates that this is a low-priority vulnerability despite its high CVSS score (Patchstack Database).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. Additionally, the CSRF vulnerability can lead to stored XSS attacks, potentially compromising the security of the affected WordPress installations (Patchstack Database).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects versions through 2.9.3, and users are advised to consider alternative security measures or plugin options (Patchstack Database).