wpvulndb  Apple502j  WPVDB-ID:DB8ACE7B-7A44-4620-9FE8-DDF0AD520F5E
Aug 18, 2021 - 12:00 a.m.

Print My Blog < 3.4.2 - Plugin Deactivation via CSRF

2021-08-18 00:00:00
apple502j
wpscan.com
5

EPSS: 0.001 Low
Percentile: 27.4%

The plugin does not enforce nonce (CSRF) checks, which allows attackers to make logged-in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them into opening a malicious link.

PoC

https://example.com/wp-admin/admin.php?page=print-my-blog-projects&action=uninstall
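
To check whether this request ever reached a site, the access log can be searched for the uninstall action and the Referer of each hit classified. The Python below is an added example, not part of the original advisory: the log lines are constructed samples in the combined log format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [18/Aug/2021:10:01:12 +0000] "GET /wp-admin/admin.php?page=print-my-blog-projects HTTP/1.1" 200 5123 "https://example.com/wp-admin/index.php" "Mozilla/5.0"
203.0.113.7 - - [18/Aug/2021:10:02:40 +0000] "GET /wp-admin/admin.php?page=print-my-blog-projects&action=uninstall HTTP/1.1" 302 0 "https://forum.invalid/thread/42" "Mozilla/5.0"
203.0.113.7 - - [18/Aug/2021:10:05:03 +0000] "GET /wp-admin/admin.php?page=print-my-blog-projects&action=uninstall HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [18/Aug/2021:11:15:30 +0000] "GET /wp-admin/admin.php?action=uninstall&page=print-my-blog-projects HTTP/1.1" 302 0 "https://example.com/wp-admin/admin.php?page=print-my-blog-projects" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def referer_origin(referer, site_host):
    """Classify the Referer host as 'same-host', 'other-host' or 'missing'."""
    host = urlsplit(referer).hostname if referer not in ("", "-") else None
    if host is None:
        return "missing"
    return "same-host" if host.lower() == site_host.lower() else "other-host"

def find_uninstall_requests(log_text, site_host):
    """Return (timestamp, ip, referer class) for each hit on the uninstall action."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        url = urlsplit(m["target"])
        query = parse_qs(url.query)  # parameter order does not matter
        if (url.path.endswith("/wp-admin/admin.php")
                and query.get("page") == ["print-my-blog-projects"]
                and query.get("action") == ["uninstall"]):
            hits.append((m["ts"], m["ip"], referer_origin(m["referer"], site_host)))
    return hits

if __name__ == "__main__":
    for ts, ip, origin in find_uninstall_requests(SAMPLE_LOG, "example.com"):
        flag = "REVIEW" if origin != "same-host" else "ok"
        print(f"{flag:6} {ts} {ip} referer={origin}")
```

A hit whose Referer points at another host means the administrator's browser was sent to the URL from an external page; a missing Referer is ambiguous and should be correlated with the plugin's deactivation time.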

CPE Name        Operator    Version
print-my-blog   lt          3.4.2
