2 matches found
WordPress Filter Portfolio Gallery plugin <= 1.5 - Arbitrary Gallery Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Gallery Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Vishal Mohan in WordPress Filter Portfolio Gallery plugin versions = 1.5. Solution Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. This closure is...
Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF
The plugin is lacking Cross-Site Request Forgery CSRF check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbitrary Gallery. PoC https://example.com/wp-admin/admin.php?page=phoenfiltergalleryid=1...