Lucene search

K
wpvulndbWpvulndbWPVDB-ID:93D43C67-7846-4F82-B384-F7F789E038A3
HistoryOct 10, 2023 - 12:00 a.m.

Block Update < 3.3.2 - Arbitrary Plugin Update Blocking via CSRF

2023-10-1000:00:00
wpscan.com
3
plugin
csrf
security
update
attackers
logged in admins

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

Description The plugin does not have CSRF check when blocking plugin from being updated, which could allow attackers to make logged in admins perform such actions via a CSRF attack

CPENameOperatorVersion
eq3.3.2

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.1%

Related for WPVDB-ID:93D43C67-7846-4F82-B384-F7F789E038A3