Robo Gallery by RoboSoft <= 3.2.9 - Addon Plugin Activation/Deactivation via CSRF
LANACOMMONVDB ID: 6359840f-606a-475e-b435-b5fc3b22895c
The plugin does not have Cross-Site Request Forgery (CSRF) checks when activating and deactivating addon plugins, which could allow attackers to make logged in users perform such actions via Cross-Site Request Forgery (CSRF) attacks.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-12-05
- Published
- 2023-02-02
- Affected Version
- <= 3.2.9
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
