Lucene search

K
wpexploitApple502jWPEX-ID:DB8ACE7B-7A44-4620-9FE8-DDF0AD520F5E
HistoryAug 18, 2021 - 12:00 a.m.

Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

2021-08-1800:00:00
apple502j
359

0.001 Low

EPSS

Percentile

27.4%

The plugin does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link

https://example.com/wp-admin/admin.php?page=print-my-blog-projects&action=uninstall

0.001 Low

EPSS

Percentile

27.4%

Related for WPEX-ID:DB8ACE7B-7A44-4620-9FE8-DDF0AD520F5E