5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
patchstack.com/database/vulnerability/video-playlist-and-gallery-plugin/wordpress-cincopa-video-and-media-plugin-1-158-cross-site-request-forgery-csrf-vulnerability