EPSS
Percentile
27.7%
The plugin does not protect its vi_plugin_setup_menu function against CSRF attacks, allowing an unauthenticated attacker to update plugin settings by tricking a logged in user to submit a crafted request.
patchstack.com/database/vulnerability/for-the-visually-impaired/wordpress-for-the-visually-impaired-plugin-0-58-cross-site-request-forgery-csrf-vulnerability