WordPress is the WordPress Foundation’s set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. cross-site request spoofing vulnerability exists in versions of the Wordpress Plugin WP Extra File Types prior to 0.5.1, which stems from the fact that the WP Extra File Types WordPress plugin does not have CSRF checks when saving its settings. An attacker could use a spoofed malicious request to trick a victim into clicking through to perform a sensitive action.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress wp extra file types plugin | lt | 0.5.1 |