WordPress CaPa Protect plugin <= 0.5.8.2 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

2022-05-3000:00:00

Daniel Ruf

patchstack.com

0.001 Low

EPSS

Percentile

26.3%

JSON

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress CaPa Protect plugin (versions <= 0.5.8.2).

Solution

Deactivate and delete. This plugin has been closed as of May 23, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
capa protectle0.5.8.2

CPE	Name	Operator	Version
	capa protect	le	0.5.8.2

References

wordpress.org/plugins/capa/

wpscan.com/vulnerability/e025f821-81c3-4072-a89e-a5b3d0fb1275

0.001 Low

EPSS

Percentile

26.3%

JSON

Related for PATCHSTACK:12B281D112BE511627DF84F888548EBA