Описание
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.phpPatch
- Third Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- Not Applicable
- https://plugins.trac.wordpress.org/changeset/2368335/cool-timeline/trunk/fa-icons/fa-icons-class.phpPatch
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS3
Дефекты
Связанные уязвимости
The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
EPSS
4.3 Medium
CVSS3