Cyber Posture

CVE-2024-37508

Medium

Published: 02 January 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
EPSS Score: 0.0018 (38.6th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Description

Cross-Site Request Forgery (CSRF) vulnerability in raratheme Construction Landing Page construction-landing-page allows Cross Site Request Forgery. This issue affects Construction Landing Page: from n/a through <= 1.3.5.

Security Summary

CVE-2024-37508 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Construction Landing Page WordPress theme developed by Rara Theme. It affects all versions of the theme through 1.3.5; no lower bound is given (n/a). The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), indicating medium severity with low integrity impact.

The vulnerability can be exploited over the network by any unauthenticated attacker with low attack complexity, provided they can trick an authenticated user into performing an action, such as visiting a malicious site or clicking a crafted link. Successful exploitation enables the attacker to perform unauthorized actions on the victim's behalf within the affected WordPress site, potentially leading to low-impact integrity violations like unintended state changes.

Patchstack's advisory at https://patchstack.com/database/Wordpress/Theme/construction-landing-page/vulnerability/wordpress-construction-landing-page-theme-1-3-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve provides details on the vulnerability, including recommended mitigations such as updating to a patched version of the Construction Landing Page theme beyond 1.3.5.

Details

CWE(s)
CWE-352

Affected Products

rarathemes
construction landing page
≤ 1.3.6
