WP Performance Score Booster < 2.1 - Settings Change via CSRF

2021-10-18T00:00:00
ID WPVDB-ID:A59EBAB8-5DF7-4093-B853-DA9472F53508
Type wpvulndb
Reporter apple502j
Modified 2021-10-18T08:05:30

Description

The plugin does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

PoC