Uncanny Toolkit for LearnDash <= 3.6.4.1 - Arbitrary Plugin Installation via CSRF
LANACOMMONVDB ID: ae4d66a3-28fe-4b27-8aa3-60646cf1ccef
The plugin does not have Cross-Site Request Forgery (CSRF) check when installing plugins, which could allow attackers to make logged in admins install and activate arbitrary plugins from wordpress.org repository via a Cross-Site Request Forgery (CSRF) attack.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2023-01-11
- Published
- 2023-02-20
- Affected Version
- <= 3.6.4.1
Classification
- Type
- Cross-Site Request Forgery (CSRF)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
