CVE-2021-24466

Name of the Vulnerable Software and Affected Versions Verse-O-Matic WordPress plugin versions 4.1.1 and earlier

Description The issue is related to the lack of CSRF checks in the Verse-O-Matic WordPress plugin, allowing attackers to make logged-in administrators perform unwanted actions, such as adding, editing, or deleting arbitrary verses and changing settings. Additionally, the lack of sanitization in the settings and verses could lead to Stored Cross-Site Scripting issues.

Recommendations For versions 4.1.1 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. Restrict access to the plugin's settings and verses to minimize the risk of unwanted actions. Avoid using the plugin's functionality to add, edit, or delete verses until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.