Описание
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.2.6 (включая)
cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 34%
0.00134
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 7.1
github
около 2 лет назад
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
EPSS
Процентиль: 34%
0.00134
Низкий
7.1 High
CVSS3
8.8 High
CVSS3
Дефекты
CWE-352