This vulnerability is a CSRF issue in the WP Event Aggregator plugin for WordPress by Xylus Themes, affecting versions up to 1.7.6. It allows attackers to trick authenticated users into submitting unauthorized requests, potentially causing limited integrity impact. The CVSS 3.1 base score is 4.3, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, no confidentiality or availability impact, and low integrity impact. No official fix or patch is currently available, and no known exploitation has been reported.

The impact is limited to a potential integrity violation where an attacker could cause a logged-in user to perform unintended actions without their consent. There is no impact on confidentiality or availability. The medium severity score reflects the limited scope and requirement for user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution with user sessions and consider implementing CSRF protections at the application or web server level if possible. Monitor official Xylus Themes communications for updates.