Lucene search

K
wpvulndbApple502jWPVDB-ID:6010CE4E-3E46-4CC1-96D8-560B30B605ED
HistoryOct 04, 2021 - 12:00 a.m.

Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

2021-10-0400:00:00
apple502j
wpscan.com
7

0.001 Low

EPSS

Percentile

27.4%

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

PoC

CPENameOperatorVersion
far-future-expiry-headerlt1.5

0.001 Low

EPSS

Percentile

27.4%

Related for WPVDB-ID:6010CE4E-3E46-4CC1-96D8-560B30B605ED