CVSS 3.1 Score 5.4 of 10 (medium)


Published Apr 11, 2024
CWE ID 352


CVE-2024-31936 is a Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP, specifically affecting versions prior to 1.2.6. The vulnerability has a base severity rating of MEDIUM and a base score of 5.4. It requires user interaction and can be exploited over the network. The impact is low in terms of integrity and confidentiality, with an availability impact also rated as low. To remediate the vulnerability, users should update UsersWP to version 1.2.6 or later. This CSRF vulnerability poses a potential danger to organizations as it could allow attackers to trick users into performing malicious actions without their knowledge or consent, potentially compromising the security and functionality of the affected systems.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-31936 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options