The Ajax Search Lite plugin for WordPress, developed by Ernest Marcinko, contains a CSRF vulnerability (CWE-352) identified as CVE-2024-21752. This vulnerability affects all versions up to 4.11.4 and enables attackers to trick authenticated users into executing unintended actions, which can lead to reflected XSS attacks. The vulnerability has a CVSS 3.1 base score of 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope change, and low impact on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow attackers to perform unauthorized actions on behalf of authenticated users, potentially leading to reflected XSS. This can result in partial compromise of user data confidentiality, integrity, and availability. The vulnerability is rated high severity due to its potential impact and ease of exploitation without privileges.

No official patch or remediation is currently available from the vendor. Users should monitor the vendor's advisory channels for updates. In the meantime, consider disabling or limiting the use of Ajax Search Lite until a fix is released. Implementing additional CSRF protections at the web application firewall or server level may help mitigate risk temporarily.