miniOrange Discord Integration by miniOrange <= 2.1.5 - Subscriber+ App Disabling
LANACOMMONVDB ID: dca6f79f-9c77-4aee-8ad5-046e9587ac5c
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example.
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-08-26
- Published
- 2022-09-26
- Affected Version
- <= 2.1.5
Classification
- Type
- Cross-Site Request Forgery (CSRF), Missing Authorization
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
