CVE-2024-37467

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 2, 2025
CWE ID 352

Summary

CVE-2024-37467 is a Cross-Site Request Forgery (CSRF) vulnerability affecting ThemeIsle Hestia, from an undisclosed version up to 3.1.2. Hestia, a popular WordPress theme, is susceptible to CSRF attacks, where an attacker can trick a user into making unintended actions on a web application. The attacker can send a malicious request on behalf of the user, leading to potential data theft or unauthorized changes. This vulnerability poses a significant risk, as CSRF attacks can bypass authentication and authorization controls, potentially impacting both the user and the organization using the affected theme. It is essential to update to the latest version of Hestia as soon as possible to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share