Lucene search

K
wpvulndbWpvulndbWPVDB-ID:55EC85E4-F3F3-41D3-8547-1C13526E9C1C
HistoryNov 14, 2023 - 12:00 a.m.

Webpushr < 4.35.0 - LFI via CSRF

2023-11-1400:00:00
wpscan.com
10
webpushr plugin
lfi
csrf
validation
menu parameter
logged in users
admins

AI Score

7

Confidence

High

EPSS

0.001

Percentile

23.8%

Description The plugin does not have CSRF check in its wpp_save_settings() function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF

AI Score

7

Confidence

High

EPSS

0.001

Percentile

23.8%

Related for WPVDB-ID:55EC85E4-F3F3-41D3-8547-1C13526E9C1C