PT-2024-24167 · WordPress · Easy Property Listings

Bob Matyas · Published 2024-09-11 · Updated 2024-09-26 · CVE-2024-3163

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Easy Property Listings WordPress plugin versions prior to 3.5.4

Description

The bulk contact deletion action lacks a CSRF check, which could allow attackers to make a logged-in admin delete contacts via a CSRF attack. This could potentially lead to malicious actions.

Recommendations

Upgrade the Easy Property Listings WordPress plugin to version 3.5.4 or later to mitigate the risk of CSRF attacks. As a temporary workaround, consider restricting access to the bulk contact deletion feature until the plugin is updated.
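
An added example, not the plugin's code or its actual patch: a WordPress bulk-delete handler that carries the kind of CSRF check the description says was missing. The `myplugin_*` functions, the `myplugin-bulk-contacts` nonce action, the `myplugin_contact` post type and the `contact_ids` field are hypothetical, and the example assumes contacts are stored as posts; the WordPress calls are core APIs.

```php
<?php
// Added illustration. Every myplugin_* name, the nonce action, the post type
// and the 'contact_ids' field are hypothetical, not taken from the plugin.

const MYPLUGIN_BULK_NONCE = 'myplugin-bulk-contacts';

// Render side: put a nonce bound to this user, session and action
// into the bulk-action form as a hidden _wpnonce field.
function myplugin_render_bulk_form_fields() {
    wp_nonce_field( MYPLUGIN_BULK_NONCE, '_wpnonce' );
}

// Request side: handle the bulk delete submitted from the contacts screen.
function myplugin_handle_bulk_delete() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) ) {
        return;
    }
    if ( 'delete' !== ( $_POST['action'] ?? '' ) ) {
        return;
    }

    // Authorization: who may delete contacts at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    // CSRF check: a cross-site form cannot know the admin's nonce, so a
    // forged request stops here. check_admin_referer() dies on failure.
    check_admin_referer( MYPLUGIN_BULK_NONCE, '_wpnonce' );

    // Normalise the submitted IDs and delete only records of the expected type.
    $ids = array_filter( array_map( 'absint', (array) ( $_POST['contact_ids'] ?? array() ) ) );
    foreach ( $ids as $id ) {
        if ( 'myplugin_contact' === get_post_type( $id ) ) {
            wp_delete_post( $id, true );
        }
    }

    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_init', 'myplugin_handle_bulk_delete' );
```

The capability check and the nonce check answer different questions: the first confirms the user is allowed to delete, the second confirms the user's own admin page issued the request.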

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-3163

Affected Products: Easy Property Listings