CVE-2024-37937
Published: 02 January 2025
Description
Cross-Site Request Forgery (CSRF) vulnerability in raratheme Rara Business rara-business allows Cross Site Request Forgery. This issue affects Rara Business: from n/a through <= 1.2.5.
Security Summary
CVE-2024-37937 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in the Rara Business WordPress theme by Rara Theme (rara-business). The issue affects versions from n/a through 1.2.5. It carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N): medium severity, network accessible, low attack complexity, no privileges required, and user interaction needed.
An attacker exploits this vulnerability remotely by tricking an authenticated user into submitting a forged request, typically by luring them to a crafted webpage through social engineering. The attacker needs no privileges of their own, but the victim must interact (for example, click a link or visit a site) while logged in. Successful exploitation has a low integrity impact, potentially enabling unauthorized modifications to theme settings or data, with no effect on confidentiality or availability.
The Patchstack advisory provides further details on this WordPress theme vulnerability, including assessment and recommended actions, accessible at https://patchstack.com/database/Wordpress/Theme/rara-business/vulnerability/wordpress-rara-business-theme-1-2-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve.
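The advisory does not say which theme action lacks protection, so the following is an added illustration of the vulnerability class, not code from the Rara Business theme or from Patchstack. It shows a hypothetical WordPress admin-post handler that saves a theme option, once without any request-origin check and once hardened with a nonce and a capability check; every name prefixed with rbx_ is made up for this example.

```php
<?php
/**
 * Added illustration (not code from the Rara Business theme): a WordPress
 * admin-post handler that saves a theme option. All function, option and
 * action names prefixed "rbx_" are hypothetical.
 */

// Rendering side: the settings form embeds a nonce bound to one action name.
function rbx_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rbx_save_settings">
        <?php wp_nonce_field( 'rbx_save_settings', 'rbx_nonce' ); ?>
        <label>Footer text
            <input type="text" name="rbx_footer_text"
                   value="<?php echo esc_attr( get_theme_mod( 'rbx_footer_text', '' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Vulnerable pattern (CWE-352): any POST that reaches this action is honoured.
// A page elsewhere on the web can auto-submit an equivalent form in the
// victim's browser, and the victim's session cookies make it look legitimate.
function rbx_save_settings_vulnerable() {
    if ( isset( $_POST['rbx_footer_text'] ) ) {
        set_theme_mod( 'rbx_footer_text', sanitize_text_field( wp_unslash( $_POST['rbx_footer_text'] ) ) );
    }
    wp_safe_redirect( admin_url( 'themes.php?page=rbx-settings&updated=1' ) );
    exit;
}

// Hardened pattern: require a valid nonce (proves the request originated from
// a form this site rendered for this user) and the capability to edit theme options.
function rbx_save_settings_hardened() {
    // check_admin_referer() terminates the request with a "link expired" page
    // when the nonce is missing or invalid, so a forged cross-site POST never
    // reaches the code that writes settings.
    check_admin_referer( 'rbx_save_settings', 'rbx_nonce' );

    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.', 'rbx' ), '', array( 'response' => 403 ) );
    }

    if ( isset( $_POST['rbx_footer_text'] ) ) {
        set_theme_mod( 'rbx_footer_text', sanitize_text_field( wp_unslash( $_POST['rbx_footer_text'] ) ) );
    }
    wp_safe_redirect( admin_url( 'themes.php?page=rbx-settings&updated=1' ) );
    exit;
}

// Wire the hardened handler to admin-post.php for logged-in users only.
add_action( 'admin_post_rbx_save_settings', 'rbx_save_settings_hardened' );
```

The nonce is what closes the CSRF hole: WordPress derives it from the user's session and the action name, so a third-party page cannot guess it, and check_admin_referer() rejects the request before any state changes. The capability check is separate and addresses authorization, not CSRF; both belong on every state-changing admin handler. For handlers reached through admin-ajax.php the equivalent call is check_ajax_referer(). When reviewing a theme or plugin for this class of issue, search every admin_post_*, wp_ajax_* and admin_init handler that writes options or theme mods and confirm it performs one of these nonce checks before the write.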
Details
- CWE(s)