Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbAkash LabadeWPVDB-ID:E193FABA-4589-45C7-AA4C-CAA3CE5A0072
HistoryJun 13, 2019 - 12:00 a.m.

WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)

2019-06-1300:00:00
Akash Labade
wpscan.com
3

EPSS

0.001

Percentile

31.5%

JSON

No CSRF Protection on Add new Fields. Can also Edit and Delete fields the same way.

PoC

1.Download csrf_wp-members.html 2.Change URL in html file.(FORM ACTION). 3.Submit Request. Video POC : https://drive.google.com/file/d/1TuJK0NjxznjTDmoJF5wbGu2vMA_XXikw/view?usp=sharing HTML_FILE : https://drive.google.com/file/d/131SkyhmXfOZeZV8ph6Y8QOaSVG3WxvdZ/view?usp=sharing

Related

cve 1
cvelist 1
openvas 1
wpexploit 1
prion 1
nvd 1
cve
cve
CVE-2019-15660
2019-08-27 13:15:10
cvelist
cvelist
CVE-2019-15660
2019-08-27 12:05:06
openvas
openvas
WordPress WP-Members Membership Plugin < 3.2.8 CSRF Vulnerability
2019-09-16 00:00:00
wpexploit
wpexploit
WP-Members <= 3.2.7 - Cross-Site Request Forgery (CSRF)
2019-06-13 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-08-27 13:15:00
nvd
nvd
CVE-2019-15660
2019-08-27 13:15:10

EPSS

0.001

Percentile

31.5%

JSON
Related for WPVDB-ID:E193FABA-4589-45C7-AA4C-CAA3CE5A0072
cve1cvelist1openvas1wpexploit1prion1nvd1