WordPress is a blogging platform written in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. A cross-site request forgery (CSRF) vulnerability exists in the WordPress plugin demon image annotation, version 4.7 and earlier. It stems from the lack of nonce validation in the plugin's ~/includes/settings.php file and can be exploited by an attacker to modify the plugin's settings and inject malicious web scripts via forged requests.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | wordpress demon image annotation | le | 4.7 |
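
The missing nonce validation described above, shown as a settings handler without the check next to a hardened one. This is an added illustration, not the plugin's own code: the option name, action string, field names and page slug are hypothetical, and it assumes it is loaded inside WordPress as part of a plugin.

```php
<?php
// Added illustration. All dia_example_* names are hypothetical and are not
// taken from the demon image annotation plugin.
const DIA_EXAMPLE_ACTION = 'dia_example_save_settings';

// Vulnerable pattern (never hooked here): any POST arriving in an admin's
// session is accepted, so a forged cross-site form can change the stored value.
function dia_example_save_unsafe() {
    if ( isset( $_POST['dia_example_caption'] ) ) {
        update_option( 'dia_example_caption', $_POST['dia_example_caption'] );
    }
}

// Hardened handler: capability check, nonce check, then sanitise before storing.
function dia_example_save_safe() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // Stops with a 403 if the nonce is missing, expired, or was issued
    // for a different user or action.
    check_admin_referer( DIA_EXAMPLE_ACTION, 'dia_example_nonce' );

    $caption = isset( $_POST['dia_example_caption'] )
        ? sanitize_text_field( wp_unslash( $_POST['dia_example_caption'] ) )
        : '';
    update_option( 'dia_example_caption', $caption );

    wp_safe_redirect( admin_url( 'options-general.php?page=dia-example' ) );
    exit;
}
add_action( 'admin_post_' . DIA_EXAMPLE_ACTION, 'dia_example_save_safe' );

// Settings form: emits the nonce the handler verifies and escapes the stored
// value on output, so a previously saved string cannot run as script.
function dia_example_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( DIA_EXAMPLE_ACTION ); ?>">
        <?php wp_nonce_field( DIA_EXAMPLE_ACTION, 'dia_example_nonce' ); ?>
        <input type="text" name="dia_example_caption"
               value="<?php echo esc_attr( get_option( 'dia_example_caption', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce check blocks the forged request, while sanitising on save and escaping on output limit what a stored value can do if a write does get through.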