WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress Core Tweaks WP Setup plugin 4.1 and earlier versions are vulnerable to cross-site request forgery, which stems from the lack of proper CSRF protection and could be exploited to arbitrarily change the administrator email or create another administrator account and take over the site via a CSRF attack.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress core tweaks wp setup plugin | lt | 4.1 |