CVE-2024-42616

Name of the Vulnerable Software and Affected Versions Pligg CMS version 2.0.2

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the /admin/admin widgets.php endpoint with specific parameters: action=remove and widget=Statistics. This allows for unauthorized actions on the affected system.

Recommendations For Pligg CMS version 2.0.2, consider disabling access to the /admin/admin widgets.php endpoint with the action=remove and widget=Statistics parameters until a patch is available. Restrict access to the admin widgets.php file to minimize the risk of exploitation. Avoid using the action and widget parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.