WordPress is a set of blogging platform developed using the PHP language. A cross-site request forgery vulnerability exists in the WordPress plugin Copify 1.3.0 and prior versions, which stems from a lack of random number validation on the CopifySettings page. An attacker could exploit this vulnerability to update plugin settings and inject malicious Web scripts via spoofed requests, tricking site administrators into performing actions such as clicking on links.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress copify plugin | lt | 1.3.0 |