CVE-2017-8099

MEDIUM(5.8)

AV:N/AC:M/Au:N/C:N/I:P/A:P

Risk Signal Score15/100 — NIEDRIG

CVSS 5.8 — Mittel

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.8

Technische Schwere

Beschreibung

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

Referenzen

http://seclists.org/fulldisclosure/2017/Apr/41
https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt
http://seclists.org/fulldisclosure/2017/Apr/41
https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt