WP User Groups <= 2.0.0 - Cross-Site Request Forgery (CSRF)



Description
CSRF allows modification of user groups and types.

Affects Plugin

fixed in version 2.1.0

References

URL https://advisories.dxw.com/advisories/csrf-wp-user-groups/
URL https://plugins.trac.wordpress.org/changeset/1859268/wp-user-groups
URL https://seclists.org/fulldisclosure/2018/May/27

Classification

Type CSRF
CWE CWE-352

Miscellaneous

Submitter Ryan
Submitter Website https://dewhurstsecurity.com/
Submitter Twitter ethicalhack3r
Views 6885
Verified No
WPVDB ID 9081

Timeline

Publicly Published 2018-05-11 (about 2 years ago)
Added 2018-05-14 (about 2 years ago)
Last Updated 2019-11-01 (8 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin