Source: wpvulndb, author: Bikram Kharal
WPVDB ID: CAC12B64-ED25-4EE2-933F-8FF722605271
Published: Jan 09, 2024 - 12:00 a.m.

Community by PeepSo < 6.3.1.2 - User Post Creation via CSRF

Source: wpscan.com
Tags: peepso community, user post creation, csrf attack, vulnerability, web security

AI Score: 6.3 Medium (Confidence: High)
EPSS: 0.0005 Low (Percentile: 17.1%)

Description: The plugin does not perform a CSRF check when creating a user post (visible on the user's wall on their profile page). An attacker could therefore make a logged-in user create such a post without their intent via a CSRF attack.

PoC

1. Log in as a normal user.
2. Save the content below as an HTML file.
3. Change the ID and UID values to your account ID.
4. Open the above HTML file and submit it. A new post will be created and can be seen on the profile page (default /profile/).
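As an added example (not PeepSo's code and not taken from the advisory), the following hypothetical WordPress AJAX handler shows the defect the description implies and its fix: in the vulnerable shape, the browser's session cookie is the only thing authorising the write and the author ID is read from the request body; in the hardened shape, the handler requires a per-user, per-action nonce that a cross-site form cannot obtain, checks a capability, and takes the author from the server-side session. Hook, field and post-type names (demo_create_post, demo_post_nonce, demo_wall_post) are assumptions, as is the form markup.

```php
<?php
// Added example, not PeepSo's code. Names prefixed demo_ are assumptions.
// Only the hardened handler is hooked; the vulnerable one is shown for contrast.

// --- Vulnerable pattern: a valid session is treated as proof of intent. ---
function demo_create_post_insecure() {
    // A page on any origin can auto-submit this request; the browser attaches
    // the auth cookie, and the author is whatever the request says it is.
    $uid     = absint( $_POST['uid'] ?? 0 );
    $content = sanitize_textarea_field( wp_unslash( $_POST['content'] ?? '' ) );
    $post_id = wp_insert_post( array(
        'post_type'    => 'demo_wall_post',
        'post_author'  => $uid,
        'post_content' => $content,
        'post_status'  => 'publish',
    ) );
    wp_send_json_success( array( 'id' => $post_id ) );
}

// --- Hardened pattern: nonce + capability + server-side identity. ---
function demo_create_post_secure() {
    // 1. CSRF check. The nonce is bound to this action and this user's session,
    //    so a form hosted elsewhere cannot forge it. check_ajax_referer() stops
    //    the request with HTTP 403 when the nonce is missing, stale or invalid.
    check_ajax_referer( 'demo_create_post', 'demo_post_nonce' );

    // 2. Authorisation: being logged in is necessary, not sufficient.
    if ( ! is_user_logged_in() || ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. The author comes from the session, never from the request body.
    $author  = get_current_user_id();
    $content = sanitize_textarea_field( wp_unslash( $_POST['content'] ?? '' ) );
    if ( '' === $content ) {
        wp_send_json_error( array( 'message' => 'empty content' ), 400 );
    }

    $post_id = wp_insert_post( array(
        'post_type'    => 'demo_wall_post',
        'post_author'  => $author,
        'post_content' => $content,
        'post_status'  => 'publish',
    ), true );
    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( array( 'message' => $post_id->get_error_message() ), 500 );
    }
    wp_send_json_success( array( 'id' => $post_id ) );
}
add_action( 'wp_ajax_demo_create_post', 'demo_create_post_secure' );

// The legitimate form is rendered by the server, which is the only party able
// to mint the nonce the handler above demands.
function demo_render_post_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_create_post">
        <?php wp_nonce_field( 'demo_create_post', 'demo_post_nonce' ); ?>
        <textarea name="content"></textarea>
        <button type="submit">Post</button>
    </form>
    <?php
}
```

The nonce check is the fix for this class of bug, but the other two changes matter too: dropping the client-supplied user ID removes the "change the UID value" step from the attack surface entirely, and the capability check means a disabled or logged-out session is rejected before any write happens. When reviewing a plugin for this issue, look for every write handler reachable through admin-ajax.php or the REST API and confirm it calls check_ajax_referer(), wp_verify_nonce() or a REST permission_callback before touching the database.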

Affected software
CPE | Name | Operator | Version
    |      | eq       | 6.3.1.2

