Cyber Posture

CVE-2024-37102

Medium

Published: 02 January 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0022 (44.9th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Description

Cross-Site Request Forgery (CSRF) vulnerability in blossomthemes Vilva vilva allows Cross Site Request Forgery. This issue affects Vilva: from n/a through <= 1.2.2.

Security Summary

CVE-2024-37102 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Blossom Themes Vilva WordPress theme. It affects Vilva versions from unspecified initial releases through 1.2.2. The issue enables forged requests to perform unauthorized actions within the theme's functionality.

The vulnerability carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating network accessibility, low attack complexity, no required privileges, required user interaction, and unchanged scope. Unauthenticated attackers can exploit it by tricking authenticated users into submitting malicious requests, resulting in low-impact integrity effects such as unauthorized data modifications.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Theme/vilva/vulnerability/wordpress-vilva-theme-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve, which documents the issue and associated remediation steps for the affected theme versions.

Details

CWE(s)
CWE-352

Affected Products

blossomthemes
vilva
≤ 1.2.3
