Cross site request forgery (csrf)

2023-03-2716:15:00

PRIOn knowledge base

www.prio-n.com

csrf attack

plugin activation

wordpress security

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.2%

JSON

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CPENameOperatorVersion
coupon_zenlt1.0.6

CPE	Name	Operator	Version
	coupon_zen	lt	1.0.6

References

wpscan.com/vulnerability/9787e26f-33fe-4c65-abb3-7f5c76ae8d6f