exploitDog

GHSA-92wq-xf5r-xg8f

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Ссылки

EPSS

Процентиль: 29%

0.00103

Низкий

CVE ID

Дефекты

CWE-352

Связанные уязвимости

CVE-2021-24776

CVSS3: 4.3

nvd

около 4 лет назад

The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

EPSS

Процентиль: 29%

0.00103

Низкий

CVE ID

Дефекты

CWE-352