CVE-2024-54356: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the vCita.com Online Booking & Scheduling Calendar for WordPress plugin. The vulnerability affects versions up to 4.5 of the plugin and was disclosed on December 11, 2024. The security researcher Marek Mikita identified this vulnerability, which has been assigned the identifier CVE-2024-54356 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and requires no authentication to exploit, though it does require user interaction (NVD, Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The severity is considered low to medium impact, with potential implications for both integrity and availability of the affected system (Patchstack).

The vulnerability has been fixed in version 4.5.2 of the plugin. Users are advised to update to version 4.5.2 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).