CVE-2024-53754: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Arrow Design Out Of Stock Badge WordPress plugin, affecting versions through 1.3.1. The vulnerability was reported on October 5, 2024, and publicly disclosed on November 28, 2024. This security issue has been assigned CVE-2024-53754 (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) issue, identified as CWE-352. It has received a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability can be exploited without authentication, indicating a significant security risk (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is categorized with low confidentiality, integrity, and availability impacts according to the CVSS scoring (Patchstack).

Currently, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).

The vulnerability was initially discovered by researcher SOPROBRO and was subsequently published by Patchstack. An early warning was sent out to Patchstack customers on November 28, 2024, before the public disclosure (Patchstack).