Widget Logic <= 5.10.2 - CSRF and Lack of Authorisation



Description
Lack of CSRF and Authorisation checks in widget_logic_expand_control() method registered as an sidebar_admin_setup action could allow unauthorised settings change

Affects Plugin

fixed in version 5.10.3

References

CVE 2019-12826
URL https://plugins.trac.wordpress.org/changeset?reponame=&new=2115506%40widget-logic&old=2112753%40widget-logic

Classification

Type MULTI

Miscellaneous

Views 2818
Verified No
WPVDB ID 9413

Timeline

Publicly Published 2019-07-01 (5 months ago)
Added 2019-07-01 (5 months ago)
Last Updated 2019-07-02 (5 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin