Lucene search

K
wpvulndbWpvulndbWPVDB-ID:55EC85E4-F3F3-41D3-8547-1C13526E9C1C
HistoryNov 14, 2023 - 12:00 a.m.

Webpushr < 4.35.0 - LFI via CSRF

2023-11-1400:00:00
wpscan.com
10
webpushr plugin
lfi
csrf
validation
menu parameter
logged in users
admins

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Description The plugin does not have CSRF check in its wpp_save_settings() function, and does not validate the menu parameter, allowing attackers to make logged in users admins perform LFI attacks via CSRF

CPENameOperatorVersion
eq4.35.0

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.9%

Related for WPVDB-ID:55EC85E4-F3F3-41D3-8547-1C13526E9C1C