Description
Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter.
References
- Patch, Vendor Advisory
- Exploit
- Patch, Vendor Advisory
- Exploit
Vulnerable configurations
Configuration 1: versions up to and including 1.2.4
cpe:2.3:a:improved_user_search_in_backend_project:improved_user_search_in_backend:*:-:-:*:-:wordpress:*:*
EPSS: 0.00526 (Low)
Percentile: 66%
CVSS2: 4.3 Medium
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
Cross-site request forgery (CSRF) vulnerability in improved-user-search-in-backend.php in the backend in the Improved user search in backend plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that insert XSS sequences via the iusib_meta_fields parameter.