CVE-2024-53762: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System WordPress plugin that allows Stored Cross-Site Scripting (XSS). The vulnerability affects versions through 1.1 of the plugin and was initially reported on October 9, 2024, with public disclosure occurring on November 28, 2024. The vulnerability was assigned identifier CVE-2024-53762 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery). The security issue requires no authentication to exploit and has been categorized as having a low priority for virtual patching (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. Additionally, the combination with Stored XSS could lead to potential client-side attacks against authenticated users (Patchstack).

As there is currently no official fix available, the recommended mitigation is to remove and replace the software with an alternative solution. The plugin is considered abandoned, and it's unlikely to receive further updates or security fixes (Patchstack).