{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6857","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-07-17T20:03:06.530Z","datePublished":"2025-04-09T06:00:04.059Z","dateUpdated":"2025-04-09T19:17:05.474Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2025-04-09T06:00:04.059Z"},"title":"WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF","problemTypes":[{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"WP MultiTasking","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"0.1.12"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"The WP MultiTasking  WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack"}],"references":[{"url":"https://wpscan.com/vulnerability/97636602-2dd0-465b-b6dc-acb42147edb3/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Norbert Hofmann","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-09T19:16:57.061495Z","id":"CVE-2024-6857","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-09T19:17:05.474Z"}}]}}