AI Score
Confidence
High
EPSS
Percentile
57.4%
Description The plugin does not protect its abpr_profileShortcode action against CSRF attacks, allowing an unauthenticated attacker to change a users email or password by tricking a logged in administrator to submit a crafted request.
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/absolute-privacy/absolute-privacy-21-cross-site-request-forgery-to-user-emailpassword-change