CVE-2024-1230

Name of the Vulnerable Software and Affected Versions SimpleShop plugin for WordPress versions prior to 2.11

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the maybe disconnect simpleshop function. This allows unauthenticated attackers to disconnect the site from SimpleShop by tricking a site administrator into performing an action, such as clicking on a link.

Recommendations For versions prior to 2.11, update to version 2.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the maybe disconnect simpleshop function until a patch is available.