Add From Server <= 3.3.1 - Cross-Site Request Forgery (CSRF)

Affects Plugin

fixed in version 3.3.2

References

CVE 2016-10914
URL https://seclists.org/fulldisclosure/2016/Aug/40
URL https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_vulnerability_in_add_from_server_wordpress_plugin.html

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter ethicalhack3r
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 5922
Verified No
WPVDB ID 8590

Timeline

Publicly Published 2016-08-08 (over 3 years ago)
Added 2016-08-12 (over 3 years ago)
Last Updated 2019-11-28 (16 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin