CVE-2024-10677

Name of the Vulnerable Software and Affected Versions: BTEV WordPress plugin versions 2.0.2 and earlier

Description: The issue concerns the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could potentially enable attackers to modify the plugin's settings without the administrator's knowledge or consent.

Recommendations: For BTEV WordPress plugin versions 2.0.2 and earlier, consider disabling the settings update functionality until a patch is available that includes a CSRF check. As a temporary workaround, restrict access to the settings update page to minimize the risk of exploitation.