CVE-2024-6024

Name of the Vulnerable Software and Affected Versions: ContentLock WordPress plugin versions 1.0.0 through 1.0.3

Description: The issue concerns a lack of CSRF check in the ContentLock WordPress plugin, which could allow attackers to trick a logged-in admin into removing groups or emails via a CSRF attack.

Recommendations: For ContentLock WordPress plugin versions 1.0.0 through 1.0.3, consider disabling the delete functionality for groups and emails until a patch is available to add a CSRF check. Restrict access to the plugin's management interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.