EPSS
Percentile
27.7%
The plugin does not protect its wp_clean_up_optimize action against CSRF attacks, allowing an unauthenticated attacker to perform various database clean-up operations by tricking a logged in user to submit a crafted request.
patchstack.com/database/vulnerability/wp-clean-up/wordpress-wp-clean-up-plugin-1-2-3-cross-site-request-forgery-csrf-vulnerability