WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Enqueue Anything plugin version 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from the following vulnerabilities in the remove_asset AJAX operation No authorization and cross-site request forgery checks. An attacker could use this vulnerability to allow low privileged users, such as subscribers, to remove arbitrary assets and place arbitrary posts in the spam folder.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress enqueue anything plugin | lt | 1.0.1 |