Description The KODO Qiniu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.5.1 (exclusive). This is due to missing or incorrect nonce validation on the kodo_setting_page() function. This makes it possible for unauthenticated attackers to replace URLs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CPE | Name | Operator | Version |
---|---|---|---|
eq | 1.5.1 |