Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-hbef-ef9s-5uep

Summary The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a CSRF attack

Aliases

alias	CVE-2024-6860

Fixed_packages

Affected_packages

References

reference_url

https://wpscan.com/vulnerability/1d09d3dd-aa49-4ff1-80e7-6d176e378916/

reference_id

1d09d3dd-aa49-4ff1-80e7-6d176e378916

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-09T19:11:30Z/

url

https://wpscan.com/vulnerability/1d09d3dd-aa49-4ff1-80e7-6d176e378916/

Weaknesses

cwe_id	352
name	Cross-Site Request Forgery (CSRF)
description	The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Exploits

Severity_range_score 4.3 - 4.3

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hbef-ef9s-5uep

Vulnerability Instance