CVE-2024-37937
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-37937 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Rara Business theme in versions up to 1.2.5 (the lower bound is listed as n/a). An attacker can exploit this issue to make unauthorized changes to user accounts, such as modifying settings or making purchases, by tricking the user into visiting a malicious website. CSRF attacks rely on the trust that a website has in its users and their sessions, and can be particularly dangerous where sensitive actions have significant consequences. Users of Rara Business should upgrade to a patched version as soon as possible to protect against this vulnerability.