PT-2024-36739 · Social · Sinking Dropdowns

Mika · Published 2024-12-31 · Updated 2024-12-31 · CVE-2024-56204

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sinking Dropdowns versions n/a through 1.25

Description: A Cross-Site Request Forgery (CSRF) vulnerability in Sinking Dropdowns, by Yonatan Reinberg of Social Ink, allows privilege escalation.

Recommendations: For versions n/a through 1.25, consider disabling the functionality that is exposed to Cross-Site Request Forgery (CSRF) until a patch is available. As a temporary workaround, restrict access to sensitive operations to minimize the risk of exploitation. Avoid using the vulnerable component of Sinking Dropdowns in sensitive environments until the issue is resolved.

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-56204

Affected Products: Sinking Dropdowns