CVE-2017-8099

Sažetak

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

Reference

http://seclists.org/fulldisclosure/2017/Apr/41
https://plugins.trac.wordpress.org/browser/whizz/trunk/change_log.txt

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

28-04-2017 - 17:48

Objavljeno

24-04-2017 - 18:59