3 matches found
AF Companion 1.1.0 - 1.1.2 - Arbitrary Plugin Installation & Activation via CSRF
The plugin has a flawed CSRF check, allowing attackers to make logged in admin installs and activate arbitrary plugins from the WP repository PoC...
AF Companion 1.1.0 - 1.1.2 - Arbitrary Plugin Installation & Activation via CSRF
The plugin has a flawed CSRF check, allowing attackers to make logged in admin installs and activate arbitrary plugins from the WP repository...
WordPress AF Companion plugin <= 1.1.2 - Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Plugin Installation and Activation via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress AF Companion plugin versions = 1.1.2. Solution Update the WordPress AF Companion plugin to the latest available version at least 1.2.0...