WP Basic Elements <= 5.2.15 - Cross-Site Request Forgery (CSRF)

2023-03-1400:00:00

wpscan.com

plugin

csrf

ajax

unauthenticated attacker

admin

crafted request

0.001 Low

EPSS

Percentile

27.6%

JSON

The plugin does not protect its wpbe_save_settings ajax actions against CSRF attacks, allowing an unauthenticated attacker to update the plugin settings by tricking a logged in admin to submit a crafted request.

CPENameOperatorVersion
wp-basic-elementseq*

CPE	Name	Operator	Version
	wp-basic-elements	eq	*

0.001 Low

EPSS

Percentile

27.6%

JSON

Related for WPVDB-ID:D7E36290-8959-4DCD-9DD1-09F23529E2D6