Description

The plugin does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged-in users perform such an action via a CSRF attack.
1. Log in as a normal user.
2. Save the content below as an HTML file.
3. Change the ID and UID values to your account ID.
4. Open the above HTML file and submit it. A new post will be created and can be seen in the profile page (default /profile/).
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 6.3.1.2 |
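
The missing check described above is normally closed with a WordPress nonce that is verified before the post is created. The following is an added example, not the affected plugin's code: the action name, nonce name, and the `uid` and `content` field names are assumptions, and storage through `wp_insert_post` stands in for whatever the plugin actually uses.

```php
<?php
// Hypothetical plugin code added for illustration; not taken from the affected plugin.
// Action name, nonce name and field names ("uid", "content") are assumptions.
const WALL_POST_ACTION = 'example_wall_post';  // hypothetical AJAX action
const WALL_POST_NONCE  = 'example_wall_nonce'; // hypothetical nonce field

// Render the form with a nonce bound to this action and the current user's session.
function example_wall_post_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-ajax.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( WALL_POST_ACTION ) . '">';
    echo '<input type="hidden" name="uid" value="' . esc_attr( get_current_user_id() ) . '">';
    wp_nonce_field( WALL_POST_ACTION, WALL_POST_NONCE );
    echo '<textarea name="content"></textarea><button type="submit">Post</button></form>';
}

// Registered for logged-in users only (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_' . WALL_POST_ACTION, 'example_handle_wall_post' );

function example_handle_wall_post() {
    // 1. CSRF check: a form hosted on another site cannot supply a valid nonce.
    if ( ! check_ajax_referer( WALL_POST_ACTION, WALL_POST_NONCE, false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce.' ), 403 );
    }
    // 2. Do not trust the user ID in the request; it must match the session user.
    $uid = isset( $_POST['uid'] ) ? absint( $_POST['uid'] ) : 0;
    if ( 0 === $uid || get_current_user_id() !== $uid ) {
        wp_send_json_error( array( 'message' => 'User mismatch.' ), 403 );
    }
    // 3. Sanitize the post body before storing it.
    $content = isset( $_POST['content'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['content'] ) )
        : '';
    if ( '' === $content ) {
        wp_send_json_error( array( 'message' => 'Empty post.' ), 400 );
    }
    // Storage stand-in: the plugin's real storage call is not shown on the page.
    $post_id = wp_insert_post( array(
        'post_author'  => $uid,
        'post_content' => $content,
        'post_status'  => 'publish',
    ), true );
    if ( is_wp_error( $post_id ) ) {
        wp_send_json_error( array( 'message' => 'Could not save post.' ), 500 );
    }
    wp_send_json_success( array( 'post_id' => $post_id ) );
}
```

With this in place, submitting a saved HTML form from outside the site returns a 403 because the request carries no valid nonce for the logged-in user.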