CVE-2024-6857: WP MultiTasking <= 0.1.12 - Header/Footer/Body Script Update via CSRF
First published: Wed Apr 09 2025(Updated: )
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its Header, Footer and Body Script Settings, which could allow attackers to make logged admins perform such action via a CSRF attack
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP MultiTasking | <=0.1.12 | |
| WordPress | <=0.1.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6857?
CVE-2024-6857 is a medium-severity vulnerability due to the lack of CSRF checks in the WP MultiTasking plugin.
How do I fix CVE-2024-6857?
To fix CVE-2024-6857, update the WP MultiTasking plugin to the latest version where the CSRF protection has been implemented.
Who is affected by CVE-2024-6857?
Users of the WP MultiTasking WordPress plugin version 0.1.12 and earlier are affected by CVE-2024-6857.
What type of attack is possible with CVE-2024-6857?
CVE-2024-6857 allows attackers to perform Cross-Site Request Forgery (CSRF) attacks on logged-in administrators.
What actions can be exploited due to CVE-2024-6857?
CVE-2024-6857 could allow attackers to make logged administrators update Header, Footer, and Body Script Settings without their consent.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/author
- agent/source
- agent/severity
- agent/last-modified-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/weakness
- collector/nvd-api
- source/NVD
- vendor/wp multitasking
- canonical/wp multitasking
- vendor/ngothang
- canonical/wordpress
- version/wordpress/0.1.12