CVE-2024-6857: WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF
Description
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Classification
CVE ID: CVE-2024-6857
Problem Types
CWE-352 Cross-Site Request Forgery (CSRF)Affected Products
Vendor: Unknown
Product: WP MultiTasking
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 7.01% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-6857https://wpscan.com/vulnerability/97636602-2dd0-465b-b6dc-acb42147edb3/