Cross site request forgery (csrf)

2022-12-1914:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

popup manager

csrf

authorization

deletion

unauthenticated users

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.3%

JSON

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them

CPENameOperatorVersion
popup_managerle1.6.6

CPE	Name	Operator	Version
	popup_manager	le	1.6.6

References

wpscan.com/vulnerability/60786bf8-c0d7-4d80-b189-866aba79bce2