CVE-2024-54353: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in WPGear Hack-Info plugin versions through 3.17. The vulnerability was assigned CVE-2024-54353 and was disclosed on December 11, 2024. This security issue affects the WordPress plugin Hack-Info and allows attackers to perform Stored Cross-Site Scripting (XSS) attacks (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified under CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit, though it does require user interaction (NVD).

The vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This can lead to stored cross-site scripting attacks, potentially compromising the security of the affected WordPress installations (Patchstack).

The vulnerability has been fixed in version 3.18 of the Hack-Info plugin. Users are advised to update to version 3.18 or later to remove the vulnerability. For Patchstack users, enabling auto-update for vulnerable plugins is recommended as an additional security measure (Patchstack).