Cross site request forgery (csrf)

2018-06-2616:29:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9.

CPENameOperatorVersion
metronet_tag_managereq1.2.7

CPE	Name	Operator	Version
	metronet_tag_manager	eq	1.2.7

References

advisories.dxw.com/advisories/csrf-metronet-tag-manager/