CVE-2024-4382

Name of the Vulnerable Software and Affected Versions CB (legacy) WordPress plugin versions 0.9.4.18 and earlier

Description The issue concerns a lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting codes, timeframes, and bookings via CSRF attacks.

Recommendations For CB (legacy) WordPress plugin versions 0.9.4.18 and earlier, consider disabling bulk actions until a patch is available to prevent potential exploitation. Restrict access to bulk action features to minimize the risk of unwanted modifications. Avoid using bulk actions in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.