PT-2025-12858 · WordPress · Booknetic

Veshraj Ghimire · Published 2025-03-26 · Updated 2025-04-30

CVE-2024-13146 · CVSS v3.1 8.8 (High) · Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Booknetic WordPress plugin versions prior to 4.1.5

Description: The plugin does not perform a CSRF check when creating Staff accounts. An attacker could therefore make a logged-in admin add arbitrary Staff members via a CSRF attack, resulting in unauthorized staff accounts.

Recommendations: For versions prior to 4.1.5, update to version 4.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Staff account creation feature to minimize the risk of exploitation.
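As an added illustration of the class of fix this advisory calls for (example code, not Booknetic's own; the action name, capability, field names and post type are assumptions), a WordPress admin-ajax handler for creating a staff record that rejects any request lacking a valid nonce and the required capability:

```php
<?php
// Hypothetical handler, not Booknetic's code: every name below is assumed.
// Registered for logged-in users only (no wp_ajax_nopriv_ counterpart).
add_action( 'wp_ajax_example_add_staff', 'example_add_staff' );

function example_add_staff() {
    // CSRF defence: the nonce must have been issued by WordPress to this
    // user for this action; a form on another origin cannot obtain it.
    // check_ajax_referer() dies with HTTP 403 when the nonce is missing
    // or invalid, so nothing below runs for a forged request.
    check_ajax_referer( 'example_add_staff', '_wpnonce' );

    // Authorisation is a separate check from CSRF: the nonce proves
    // intent, the capability proves the user is allowed to do this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $name  = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    if ( '' === $name || ! is_email( $email ) ) {
        wp_send_json_error( 'invalid staff data', 400 );
    }

    // Persist the staff member as an entry of an assumed custom post type.
    $post_id = wp_insert_post( array(
        'post_type'   => 'example_staff',
        'post_title'  => $name,
        'post_status' => 'publish',
        'meta_input'  => array( 'email' => $email ),
    ), true );
    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( $post_id->get_error_message(), 500 );
    }
    wp_send_json_success( array( 'id' => $post_id ) );
}

// The admin page that renders the "add staff" form must emit the matching
// nonce so the legitimate request carries it, e.g.:
//   wp_nonce_field( 'example_add_staff', '_wpnonce' );
```

The nonce field must be included in the request (as the `_wpnonce` POST parameter here); a handler that only checks the capability would still accept a forged request riding on the admin's session.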

Weakness Enumeration: CSRF

Related Identifiers: CVE-2024-13146

Affected Products: Booknetic