wpvulndb
WPVDB-ID:9A9A075E-7BA7-4128-B055-C2332FE78E33
History: Apr 21, 2022 - 12:00 a.m.

Rara One Click Demo Import < 1.3.0 - Arbitrary File Upload via CSRF

2022-04-21 00:00:00
wpscan.com
9
plugin
csrf attack
arbitrary files
admin upload

EPSS: 0.001

Percentile: 39.6%

The plugin does not perform a CSRF check when uploading files, which could allow attackers to make a logged-in admin upload arbitrary files via a CSRF attack.
