Lucene search
Akash LabadeWPEX-ID:E193FABA-4589-45C7-AA4C-CAA3CE5A0072HistoryJun 13, 2019 - 12:00 a.m.
WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)
2019-06-1300:00:00
Akash Labade
13
EPSS
0.001
Percentile
31.5%
No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way.
1.Download csrf_wp-members.html
2.Change URL in html file.(FORM ACTION).
3.Submit Request.
Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMA_XXikw/view?usp=sharing
HTML_FILE : https://drive.google.com/file/d/131SkyhmXfOZeZV8ph6Y8QOaSVG3WxvdZ/view?usp=sharing
Related
cve
cve
CVE-2019-15660
2019-08-27 13:15:10
wpvulndb
wpvulndb
WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)
2019-06-13 00:00:00
openvas
openvas
WordPress WP-Members Membership Plugin < 3.2.8 CSRF Vulnerability
2019-09-16 00:00:00
cvelist
cvelist
CVE-2019-15660
2019-08-27 12:05:06
prion
prion
Cross site request forgery (csrf)
2019-08-27 13:15:00
nvd
nvd
CVE-2019-15660
2019-08-27 13:15:10