CVE-2024-6860

Name of the Vulnerable Software and Affected Versions: WP MultiTasking WordPress plugin versions 0.1.12 and earlier

Description: The WP MultiTasking WordPress plugin does not have a CSRF check when updating its permalink suffix settings, which could allow attackers to make logged-in administrators perform such actions via a CSRF attack.

Recommendations: For WP MultiTasking WordPress plugin versions 0.1.12 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. As a temporary workaround, restrict access to the permalink suffix settings to minimize the risk of exploitation. Avoid using the plugin's settings update functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.