PT-2024-3158 · WordPress · Wp Automatic

Rafie Muhammad · Published 2024-02-25 · Updated 2024-05-17 · CVE-2024-27955

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: WP Automatic versions 3.92.0 and earlier

Description: WP Automatic is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can lead to privilege escalation. The flaw stems from incorrect validation of the nonce value, which allows a remote attacker to exploit it and gain elevated privileges.

Recommendations: For versions 3.92.0 and earlier, update to a version later than 3.92.0 to resolve the issue. As a temporary workaround, consider implementing additional validation for the nonce value to prevent CSRF attacks, and restrict access to sensitive areas of the WP Automatic plugin to minimize the risk of exploitation.
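As an added illustration (not WP Automatic's code and not from this advisory), the following hypothetical WordPress plugin handler shows the general weak pattern behind a nonce-based CSRF flaw, a handler that reads the nonce field but never verifies it against the action it was issued for, beside the hardened form that verifies the nonce with check_admin_referer() and checks the acting user's capability. All function, hook and action names (example_plugin_*) are assumed for the example.

```php
<?php
// Added illustration, not WP Automatic's code: a hypothetical admin-side
// handler in a WordPress plugin. All example_plugin_* names are assumed.

// Weak pattern: the nonce field is only tested for presence, never verified
// against the expected action, so a forged cross-site request carrying any
// value in the field passes. Because the operation changes a user's role,
// the missing check turns CSRF into privilege escalation.
function example_plugin_promote_user_weak() {
    if ( empty( $_POST['_wpnonce'] ) ) {
        wp_die( 'Missing nonce' );
    }
    $user_id = (int) $_POST['user_id'];
    wp_update_user( array( 'ID' => $user_id, 'role' => 'administrator' ) );
}

// Hardened pattern: verify the nonce against the specific action it was
// generated for (check_admin_referer() dies on mismatch), then check that
// the acting user holds the capability. Both are needed: a valid nonce
// proves the request came from the site's own form, not that the user is
// allowed to perform the action.
function example_plugin_promote_user_hardened() {
    check_admin_referer( 'example_plugin_promote_user' );
    if ( ! current_user_can( 'promote_users' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }
    $allowed_roles = array( 'subscriber', 'contributor', 'author', 'editor' );
    $role          = sanitize_key( $_POST['role'] ?? '' );
    $user          = get_userdata( absint( $_POST['user_id'] ?? 0 ) );
    if ( ! $user || ! in_array( $role, $allowed_roles, true ) ) {
        wp_die( 'Invalid request' );
    }
    $user->set_role( $role );
}

// The form that submits to the handler embeds the matching nonce field
// (wp_nonce_field() emits a hidden _wpnonce input bound to the action).
function example_plugin_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'example_plugin_promote_user' );
    echo '<input type="hidden" name="action" value="example_plugin_promote_user">';
    echo '<input type="number" name="user_id"> <input type="text" name="role">';
    submit_button( 'Change role' );
    echo '</form>';
}

// Only the hardened handler is registered for the admin-post action.
add_action( 'admin_post_example_plugin_promote_user', 'example_plugin_promote_user_hardened' );
```

When auditing a plugin for this class of bug, look for privileged handlers whose nonce is read but passed through neither wp_verify_nonce() nor check_admin_referer()/check_ajax_referer(), or whose nonce action string differs from the one used in wp_nonce_field()/wp_create_nonce().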

Fix

Weakness Enumeration: CSRF

Related Identifiers: BDU:2024-03371, CVE-2024-27955

Affected Products: Wp Automatic