关键漏洞信息 Linear Plugin Vulnerability CVE ID: CVE-2024-13709 CVSS Score: 4.3 (Medium) Publicly Published: January 24, 2025 Last Updated: November 5, 2025 Vulnerability Type: Cross-Site Request Forgery (CSRF) Affected Version: <= 2.8.1 Patched Version: 2.8.2 Remediation: Update to version 2.8.2 or a newer patched version Researcher: Dhabaleshwar Das Recent Vulnerabilities in Linear Additional Information The Linear plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 2.8.1. The vulnerability is due to missing or incorrect nonce validation on the 'linear-debug' endpoint. Unauthenticated attackers can exploit this to reset the plugin's cache via a forged request, tricking a site administrator into clicking a malicious link.