wpvulndb WPVDB-ID: 3547B160-4867-4022-B2FE-4A703DF6A3A1
Mar 29, 2024 - 12:00 a.m.

CP Media Player < 1.2.0 - Player Deletion and Duplication via CSRF

2024-03-29 00:00:00
wpscan.com
cp media player
vulnerability
nonce validation
csrf attack
player deletion
player duplication
unauthenticated attackers

AI Score: 6.7 Medium (Confidence: Low)

Description

The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the admin_page function. This makes it possible for unauthenticated attackers to delete or duplicate existing audio or video players via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CPE | Name | Operator | Version
- | - | eq | 1.2.0
