The Custom Author Base WordPress plugin through 1.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE ID: CVE-2024-8050
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vendor: Unknown
Product: Custom Author Base
EPSS Score: 0.01% (probability of being exploited)
EPSS Percentile: 1.24% (scored less or equal to compared to others)
EPSS Date: 2025-06-13 (when was this score calculated)