WP Frontend Profile < 1.2.2 - CSRF Check Incorrectly Implemented



Description
The WP Frontend Profile WordPress plugin did not verify the Cross-Site Request Forgery (CSRF) nonce correctly.

Affects Plugin

fixed in version 1.2.2

References

URL https://github.com/glowlogix/wp-frontend-profile/issues/52

Classification

Type BYPASS

Miscellaneous

Original Researcher Julio Potier
Views 264
Verified No
WPVDB ID 10232

Timeline

Publicly Published 2020-05-19 (7 days ago)
Added 2020-05-22 (3 days ago)
Last Updated 2020-05-23 (2 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin