CVE-2024-34810 | Cross-Site request forgery (CSRF) vulnerability in Extend Th… | CVSS 4.3 MEDIUM

Description

Cross-Site request forgery (CSRF) vulnerability in Extend Themes Skyline WP allows Cross Site Request Forgery. This issue affects Skyline WP: from n/a through 1.0.10.

Metadata

CVE ID: CVE-2024-34810
State: PUBLISHED
Assigner: Patchstack
Reserved: 2024-05-09 12:14 UTC
Published: 2026-06-17 10:25 UTC
Last updated: 2026-06-17 12:09 UTC
Primary CWE: CWE-352
CWE-352 Cross-Site request forgery (CSRF)
Vendor / Product: Extend Themes / Skyline WP
Sources: cve.org · NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Extend Themes	Skyline WP	—	n/a ≤ 1.0.10

Weakness (CWE)

CWE	Source	Description
CWE-352	cna	CWE-352 Cross-Site request forgery (CSRF)

CVSS scores (1)

Score	Severity	Version	Source	Vector
4.3	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References (1)

https://patchstack.com/database/wordpress/theme/skyline-wp/vulnerability/wordpress-skyline-wp-theme-1-0-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve