CVE-2024-42613

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The vulnerability can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=install and widget=akismet. This allows for unauthorized actions to be performed on the system.

Recommendations For Pligg CMS version 2.0.2, as a temporary workaround, consider restricting access to the /admin/admin widgets.php endpoint, specifically when the action parameter is set to install and the widget parameter is set to akismet, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.