CVE-2024-54355

Name of the Vulnerable Software and Affected Versions: WP Mailster versions 1.8.17.0 and earlier

Description: The issue is a Cross-Site Request Forgery (CSRF) problem, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by tricking the user into performing an unintended action, such as sending a request to the /api/v1/login endpoint with malicious parameters like username and password.

Recommendations: For WP Mailster versions 1.8.17.0 and earlier, update to a version later than 1.8.17.0 to resolve the issue. As a temporary workaround, consider restricting access to sensitive API endpoints until a patch is available. Avoid using sensitive parameters in affected API endpoints until the issue is resolved.