wpvulndb | Francesco Carlucci | WPVDB-ID:7CD524ED-5EB9-4D6B-B4D2-3D4BE6B57879
History: Nov 15, 2021 - 12:00 a.m.

WP Limits <= 1.0 - Plugin's Settings Update via CSRF

wpscan.com

EPSS: 0.001 Low, Percentile: 25.9%

The plugin does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them, which could make the blog unstable by setting low values.

PoC

CPE Name Operator Version
wp-limits eq *
