CVE-2024-6719: 
WordPress vulnerability analysis and mitigation

The Offload Videos WordPress plugin before version 1.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability, discovered and disclosed on June 5, 2024. This security issue affects the plugin's settings update functionality and is tracked as CVE-2024-6719. The vulnerability exists due to the absence of CSRF protection mechanisms when updating the plugin's settings (WPScan, NVD).

The vulnerability has been assigned a CVSS score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. The security flaw is classified under CWE-352 (Cross-Site Request Forgery). The vulnerability allows low-privilege users to modify plugin settings through a CSRF attack, specifically targeting the plugin's settings update functionality (WPScan).

If successfully exploited, an attacker could manipulate the plugin's settings, including Amazon S3 bucket configurations, API keys, and streaming service settings. This could potentially lead to unauthorized access to media storage and streaming services, compromising the security of the WordPress installation (WPScan).

The vulnerability has been patched in version 1.0.1 of the Offload Videos WordPress plugin. Site administrators are strongly advised to update to this version or later to mitigate the security risk (WPScan).