CVE-2024-13647

Name of the Vulnerable Software and Affected Versions SakolaWP plugin for WordPress versions prior to 1.0.9

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save exam setting and delete exam setting actions. This allows unauthenticated attackers to update exam settings by tricking a site administrator into performing an action, such as clicking on a link, via a forged request.

Recommendations For SakolaWP plugin for WordPress versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the save exam setting and delete exam setting actions to minimize the risk of exploitation.