CVE-2024-8245: 
WordPress vulnerability analysis and mitigation

The GamiPress WordPress plugin before version 1.0.1 contains a Cross-Site Request Forgery (CSRF) vulnerability (CVE-2024-8245) that affects its settings update functionality. The vulnerability was discovered in the GamiPress Reset User plugin and was publicly disclosed on May 15, 2025. This security flaw impacts WordPress installations using the affected plugin version (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms when updating plugin settings. It has been assigned a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) (Wiz, WPScan).

When exploited, this vulnerability could allow attackers to trick authenticated administrators into changing plugin settings through CSRF attacks. The attack requires user interaction, as the admin needs to be logged in and must be deceived into accessing a malicious page containing the CSRF payload (Wiz).

The vulnerability has been patched in GamiPress Reset User plugin version 1.0.1. Users are strongly advised to update to this version or later to protect against potential CSRF attacks (Wiz).