CVE-2024-8092: 
WordPress vulnerability analysis and mitigation

The Accordion Image Menu WordPress plugin through version 3.1.3 contains multiple security vulnerabilities related to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS). The vulnerability was discovered and publicly disclosed on August 27, 2024, and was assigned CVE-2024-8092. This security issue affects all versions of the plugin up to and including version 3.1.3 (NVD, WPScan).

The vulnerability stems from the absence of CSRF checks in certain areas of the plugin, combined with inadequate input sanitization and output escaping. The issue has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (NVD).

When exploited, this vulnerability allows attackers to execute a CSRF attack that can lead to stored XSS payloads being added to the system through a logged-in administrator's account. This creates a persistent security risk that could be triggered when users view affected pages (WPScan).

Currently, there is no known fix available for this vulnerability. Website administrators using the Accordion Image Menu plugin should consider either removing the plugin or implementing additional security measures to protect against CSRF attacks (WPScan).